if_iwn.c revision 1.37.2.1
1 /* $NetBSD: if_iwn.c,v 1.37.2.1 2010/05/30 05:17:33 rmind Exp $ */ 2 /* $OpenBSD: if_iwn.c,v 1.88 2010/04/10 08:37:36 damien Exp $ */ 3 4 /*- 5 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini (at) free.fr> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* 21 * Driver for Intel WiFi Link 4965 and 1000/5000/6000 Series 802.11 network 22 * adapters. 23 */ 24 #include <sys/cdefs.h> 25 __KERNEL_RCSID(0, "$NetBSD: if_iwn.c,v 1.37.2.1 2010/05/30 05:17:33 rmind Exp $"); 26 27 #define IWN_USE_RBUF /* Use local storage for RX */ 28 #undef IWN_HWCRYPTO /* XXX does not even compile yet */ 29 30 /* XXX Avoid sensor code (correct option for NetBSD too?) */ 31 #undef SMALL_KERNEL 32 33 #include <sys/param.h> 34 #include <sys/sockio.h> 35 #include <sys/sysctl.h> 36 #include <sys/mbuf.h> 37 #include <sys/kernel.h> 38 #include <sys/socket.h> 39 #include <sys/systm.h> 40 #include <sys/malloc.h> 41 #include <sys/mutex.h> 42 #include <sys/conf.h> 43 #include <sys/kauth.h> 44 #include <sys/callout.h> 45 46 #include <dev/sysmon/sysmonvar.h> 47 48 #include <machine/bus.h> 49 #include <machine/endian.h> 50 #include <machine/intr.h> 51 52 #include <dev/pci/pcireg.h> 53 #include <dev/pci/pcivar.h> 54 #include <dev/pci/pcidevs.h> 55 56 #include <net/bpf.h> 57 #include <net/if.h> 58 #include <net/if_arp.h> 59 #include <net/if_dl.h> 60 #include <net/if_media.h> 61 #include <net/if_types.h> 62 63 #include <netinet/in.h> 64 #include <netinet/in_systm.h> 65 #include <netinet/in_var.h> 66 #include <net/if_ether.h> 67 #include <netinet/ip.h> 68 69 #include <net80211/ieee80211_var.h> 70 #include <net80211/ieee80211_amrr.h> 71 #include <net80211/ieee80211_radiotap.h> 72 73 #include <dev/firmload.h> 74 75 #include <dev/pci/if_iwnreg.h> 76 #include <dev/pci/if_iwnvar.h> 77 78 static const pci_product_id_t iwn_devices[] = { 79 PCI_PRODUCT_INTEL_WIFI_LINK_4965_1, 80 PCI_PRODUCT_INTEL_WIFI_LINK_4965_2, 81 PCI_PRODUCT_INTEL_WIFI_LINK_5100_1, 82 PCI_PRODUCT_INTEL_WIFI_LINK_5100_2, 83 PCI_PRODUCT_INTEL_WIFI_LINK_5150_1, 84 PCI_PRODUCT_INTEL_WIFI_LINK_5150_2, 85 PCI_PRODUCT_INTEL_WIFI_LINK_5300_1, 86 PCI_PRODUCT_INTEL_WIFI_LINK_5300_2, 87 PCI_PRODUCT_INTEL_WIFI_LINK_5350_1, 88 PCI_PRODUCT_INTEL_WIFI_LINK_5350_2, 89 PCI_PRODUCT_INTEL_WIFI_LINK_1000_1, 90 PCI_PRODUCT_INTEL_WIFI_LINK_1000_2, 91 PCI_PRODUCT_INTEL_WIFI_LINK_6000_3X3_1, 92 PCI_PRODUCT_INTEL_WIFI_LINK_6000_3X3_2, 93 PCI_PRODUCT_INTEL_WIFI_LINK_6000_IPA_1, 94 PCI_PRODUCT_INTEL_WIFI_LINK_6000_IPA_2, 95 PCI_PRODUCT_INTEL_WIFI_LINK_6050_2X2_1, 96 PCI_PRODUCT_INTEL_WIFI_LINK_6050_2X2_2, 97 PCI_PRODUCT_INTEL_WIFI_LINK_6005_2X2_1, 98 PCI_PRODUCT_INTEL_WIFI_LINK_6005_2X2_2, 99 }; 100 101 /* 102 * Supported rates for 802.11a/b/g modes (in 500Kbps unit). 103 */ 104 static const struct ieee80211_rateset iwn_rateset_11a = 105 { 8, { 12, 18, 24, 36, 48, 72, 96, 108 } }; 106 107 static const struct ieee80211_rateset iwn_rateset_11b = 108 { 4, { 2, 4, 11, 22 } }; 109 110 static const struct ieee80211_rateset iwn_rateset_11g = 111 { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } }; 112 113 static int iwn_match(device_t , struct cfdata *, void *); 114 static void iwn_attach(device_t , device_t , void *); 115 const struct iwn_hal *iwn_hal_attach(struct iwn_softc *, pci_product_id_t pid); 116 #ifndef SMALL_KERNEL 117 static void iwn_sensor_attach(struct iwn_softc *); 118 #endif 119 static void iwn_radiotap_attach(struct iwn_softc *); 120 static int iwn_detach(device_t , int); 121 #if 0 122 static void iwn_power(int, void *); 123 #endif 124 static bool iwn_resume(device_t, const pmf_qual_t *); 125 static int iwn_nic_lock(struct iwn_softc *); 126 static int iwn_eeprom_lock(struct iwn_softc *); 127 static int iwn_init_otprom(struct iwn_softc *); 128 static int iwn_read_prom_data(struct iwn_softc *, uint32_t, void *, int); 129 static int iwn_dma_contig_alloc(bus_dma_tag_t, struct iwn_dma_info *, 130 void **, bus_size_t, bus_size_t); 131 static void iwn_dma_contig_free(struct iwn_dma_info *); 132 static int iwn_alloc_sched(struct iwn_softc *); 133 static void iwn_free_sched(struct iwn_softc *); 134 static int iwn_alloc_kw(struct iwn_softc *); 135 static void iwn_free_kw(struct iwn_softc *); 136 static int iwn_alloc_ict(struct iwn_softc *); 137 static void iwn_free_ict(struct iwn_softc *); 138 static int iwn_alloc_fwmem(struct iwn_softc *); 139 static void iwn_free_fwmem(struct iwn_softc *); 140 static int iwn_alloc_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 141 static void iwn_reset_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 142 static void iwn_free_rx_ring(struct iwn_softc *, struct iwn_rx_ring *); 143 static int iwn_alloc_tx_ring(struct iwn_softc *, struct iwn_tx_ring *, 144 int); 145 static void iwn_reset_tx_ring(struct iwn_softc *, struct iwn_tx_ring *); 146 static void iwn_free_tx_ring(struct iwn_softc *, struct iwn_tx_ring *); 147 static void iwn5000_ict_reset(struct iwn_softc *); 148 static int iwn_read_eeprom(struct iwn_softc *); 149 static void iwn4965_read_eeprom(struct iwn_softc *); 150 #ifdef IWN_DEBUG 151 static void iwn4965_print_power_group(struct iwn_softc *, int); 152 #endif 153 static void iwn5000_read_eeprom(struct iwn_softc *); 154 static void iwn_read_eeprom_channels(struct iwn_softc *, int, uint32_t); 155 static void iwn_read_eeprom_enhinfo(struct iwn_softc *); 156 static struct ieee80211_node *iwn_node_alloc(struct ieee80211_node_table *); 157 static void iwn_newassoc(struct ieee80211_node *, int); 158 static int iwn_media_change(struct ifnet *); 159 static int iwn_newstate(struct ieee80211com *, enum ieee80211_state, int); 160 static void iwn_iter_func(void *, struct ieee80211_node *); 161 static void iwn_calib_timeout(void *); 162 static void iwn_rx_phy(struct iwn_softc *, struct iwn_rx_desc *, 163 struct iwn_rx_data *); 164 static void iwn_rx_done(struct iwn_softc *, struct iwn_rx_desc *, 165 struct iwn_rx_data *); 166 #ifndef IEEE80211_NO_HT 167 static void iwn_rx_compressed_ba(struct iwn_softc *, struct iwn_rx_desc *, 168 struct iwn_rx_data *); 169 #endif 170 static void iwn5000_rx_calib_results(struct iwn_softc *, 171 struct iwn_rx_desc *, struct iwn_rx_data *); 172 static void iwn_rx_statistics(struct iwn_softc *, struct iwn_rx_desc *, 173 struct iwn_rx_data *); 174 static void iwn4965_tx_done(struct iwn_softc *, struct iwn_rx_desc *, 175 struct iwn_rx_data *); 176 static void iwn5000_tx_done(struct iwn_softc *, struct iwn_rx_desc *, 177 struct iwn_rx_data *); 178 static void iwn_tx_done(struct iwn_softc *, struct iwn_rx_desc *, int, 179 uint8_t); 180 static void iwn_cmd_done(struct iwn_softc *, struct iwn_rx_desc *); 181 static void iwn_notif_intr(struct iwn_softc *); 182 static void iwn_wakeup_intr(struct iwn_softc *); 183 static void iwn_fatal_intr(struct iwn_softc *); 184 static int iwn_intr(void *); 185 static void iwn4965_update_sched(struct iwn_softc *, int, int, uint8_t, 186 uint16_t); 187 static void iwn5000_update_sched(struct iwn_softc *, int, int, uint8_t, 188 uint16_t); 189 #ifdef notyet 190 static void iwn5000_reset_sched(struct iwn_softc *, int, int); 191 #endif 192 static int iwn_tx(struct iwn_softc *, struct mbuf *, 193 struct ieee80211_node *, int); 194 static void iwn_start(struct ifnet *); 195 static void iwn_watchdog(struct ifnet *); 196 static int iwn_ioctl(struct ifnet *, u_long, void *); 197 static int iwn_cmd(struct iwn_softc *, int, const void *, int, int); 198 static int iwn4965_add_node(struct iwn_softc *, struct iwn_node_info *, 199 int); 200 static int iwn5000_add_node(struct iwn_softc *, struct iwn_node_info *, 201 int); 202 static int iwn_set_link_quality(struct iwn_softc *, 203 struct ieee80211_node *); 204 static int iwn_add_broadcast_node(struct iwn_softc *, int); 205 static void iwn_set_led(struct iwn_softc *, uint8_t, uint8_t, uint8_t); 206 static int iwn_set_critical_temp(struct iwn_softc *); 207 static int iwn_set_timing(struct iwn_softc *, struct ieee80211_node *); 208 static void iwn4965_power_calibration(struct iwn_softc *, int); 209 static int iwn4965_set_txpower(struct iwn_softc *, int); 210 static int iwn5000_set_txpower(struct iwn_softc *, int); 211 static int iwn4965_get_rssi(const struct iwn_rx_stat *); 212 static int iwn5000_get_rssi(const struct iwn_rx_stat *); 213 static int iwn_get_noise(const struct iwn_rx_general_stats *); 214 static int iwn4965_get_temperature(struct iwn_softc *); 215 static int iwn5000_get_temperature(struct iwn_softc *); 216 static int iwn_init_sensitivity(struct iwn_softc *); 217 static void iwn_collect_noise(struct iwn_softc *, 218 const struct iwn_rx_general_stats *); 219 static int iwn4965_init_gains(struct iwn_softc *); 220 static int iwn5000_init_gains(struct iwn_softc *); 221 static int iwn4965_set_gains(struct iwn_softc *); 222 static int iwn5000_set_gains(struct iwn_softc *); 223 static void iwn_tune_sensitivity(struct iwn_softc *, 224 const struct iwn_rx_stats *); 225 static int iwn_send_sensitivity(struct iwn_softc *); 226 static int iwn_set_pslevel(struct iwn_softc *, int, int, int); 227 static int iwn_config(struct iwn_softc *); 228 static int iwn_scan(struct iwn_softc *, uint16_t); 229 static int iwn_auth(struct iwn_softc *); 230 static int iwn_run(struct iwn_softc *); 231 #ifdef IWN_HWCRYPTO 232 static int iwn_set_key(struct ieee80211com *, struct ieee80211_node *, 233 struct ieee80211_key *); 234 static void iwn_delete_key(struct ieee80211com *, struct ieee80211_node *, 235 struct ieee80211_key *); 236 #endif 237 static int iwn_wme_update(struct ieee80211com *); 238 #ifndef IEEE80211_NO_HT 239 static int iwn_ampdu_rx_start(struct ieee80211com *, 240 struct ieee80211_node *, uint8_t); 241 static void iwn_ampdu_rx_stop(struct ieee80211com *, 242 struct ieee80211_node *, uint8_t); 243 static int iwn_ampdu_tx_start(struct ieee80211com *, 244 struct ieee80211_node *, uint8_t); 245 static void iwn_ampdu_tx_stop(struct ieee80211com *, 246 struct ieee80211_node *, uint8_t); 247 static void iwn4965_ampdu_tx_start(struct iwn_softc *, 248 struct ieee80211_node *, uint8_t, uint16_t); 249 static void iwn4965_ampdu_tx_stop(struct iwn_softc *, 250 uint8_t, uint16_t); 251 static void iwn5000_ampdu_tx_start(struct iwn_softc *, 252 struct ieee80211_node *, uint8_t, uint16_t); 253 static void iwn5000_ampdu_tx_stop(struct iwn_softc *, 254 uint8_t, uint16_t); 255 #endif 256 static int iwn5000_query_calibration(struct iwn_softc *); 257 static int iwn5000_send_calibration(struct iwn_softc *); 258 static int iwn5000_send_wimax_coex(struct iwn_softc *); 259 static int iwn4965_post_alive(struct iwn_softc *); 260 static int iwn5000_post_alive(struct iwn_softc *); 261 static int iwn4965_load_bootcode(struct iwn_softc *, const uint8_t *, 262 int); 263 static int iwn4965_load_firmware(struct iwn_softc *); 264 static int iwn5000_load_firmware_section(struct iwn_softc *, uint32_t, 265 const uint8_t *, int); 266 static int iwn5000_load_firmware(struct iwn_softc *); 267 static int iwn_read_firmware(struct iwn_softc *); 268 static int iwn_clock_wait(struct iwn_softc *); 269 static int iwn_apm_init(struct iwn_softc *); 270 static void iwn_apm_stop_master(struct iwn_softc *); 271 static void iwn_apm_stop(struct iwn_softc *); 272 static int iwn4965_nic_config(struct iwn_softc *); 273 static int iwn5000_nic_config(struct iwn_softc *); 274 static int iwn_hw_prepare(struct iwn_softc *); 275 static int iwn_hw_init(struct iwn_softc *); 276 static void iwn_hw_stop(struct iwn_softc *); 277 static int iwn_init(struct ifnet *); 278 static void iwn_stop(struct ifnet *, int); 279 280 /* XXX MCLGETI alternative */ 281 static struct mbuf *MCLGETIalt(struct iwn_softc *, int, 282 struct ifnet *, u_int); 283 #ifdef IWN_USE_RBUF 284 static struct iwn_rbuf *iwn_alloc_rbuf(struct iwn_softc *); 285 static void iwn_free_rbuf(struct mbuf *, void *, size_t, void *); 286 static int iwn_alloc_rpool(struct iwn_softc *); 287 static void iwn_free_rpool(struct iwn_softc *); 288 #endif 289 290 /* XXX needed by iwn_scan */ 291 static u_int8_t *ieee80211_add_ssid(u_int8_t *, const u_int8_t *, u_int); 292 static u_int8_t *ieee80211_add_rates(u_int8_t *, 293 const struct ieee80211_rateset *); 294 static u_int8_t *ieee80211_add_xrates(u_int8_t *, 295 const struct ieee80211_rateset *); 296 297 static void iwn_fix_channel(struct ieee80211com *, struct mbuf *); 298 299 #ifdef IWN_DEBUG 300 #define DPRINTF(x) do { if (iwn_debug > 0) printf x; } while (0) 301 #define DPRINTFN(n, x) do { if (iwn_debug >= (n)) printf x; } while (0) 302 int iwn_debug = 0; 303 #else 304 #define DPRINTF(x) 305 #define DPRINTFN(n, x) 306 #endif 307 308 static const struct iwn_hal iwn4965_hal = { 309 iwn4965_load_firmware, 310 iwn4965_read_eeprom, 311 iwn4965_post_alive, 312 iwn4965_nic_config, 313 iwn4965_update_sched, 314 iwn4965_get_temperature, 315 iwn4965_get_rssi, 316 iwn4965_set_txpower, 317 iwn4965_init_gains, 318 iwn4965_set_gains, 319 iwn4965_add_node, 320 iwn4965_tx_done, 321 #ifndef IEEE80211_NO_HT 322 iwn4965_ampdu_tx_start, 323 iwn4965_ampdu_tx_stop, 324 #endif 325 IWN4965_NTXQUEUES, 326 IWN4965_NDMACHNLS, 327 IWN4965_ID_BROADCAST, 328 IWN4965_RXONSZ, 329 IWN4965_SCHEDSZ, 330 IWN4965_FW_TEXT_MAXSZ, 331 IWN4965_FW_DATA_MAXSZ, 332 IWN4965_FWSZ, 333 IWN4965_SCHED_TXFACT 334 }; 335 336 static const struct iwn_hal iwn5000_hal = { 337 iwn5000_load_firmware, 338 iwn5000_read_eeprom, 339 iwn5000_post_alive, 340 iwn5000_nic_config, 341 iwn5000_update_sched, 342 iwn5000_get_temperature, 343 iwn5000_get_rssi, 344 iwn5000_set_txpower, 345 iwn5000_init_gains, 346 iwn5000_set_gains, 347 iwn5000_add_node, 348 iwn5000_tx_done, 349 #ifndef IEEE80211_NO_HT 350 iwn5000_ampdu_tx_start, 351 iwn5000_ampdu_tx_stop, 352 #endif 353 IWN5000_NTXQUEUES, 354 IWN5000_NDMACHNLS, 355 IWN5000_ID_BROADCAST, 356 IWN5000_RXONSZ, 357 IWN5000_SCHEDSZ, 358 IWN5000_FW_TEXT_MAXSZ, 359 IWN5000_FW_DATA_MAXSZ, 360 IWN5000_FWSZ, 361 IWN5000_SCHED_TXFACT 362 }; 363 364 CFATTACH_DECL_NEW(iwn, sizeof(struct iwn_softc), iwn_match, iwn_attach, 365 iwn_detach, NULL); 366 367 static int 368 iwn_match(device_t parent, cfdata_t match __unused, void *aux) 369 { 370 struct pci_attach_args *pa = aux; 371 size_t i; 372 373 if (PCI_VENDOR(pa->pa_id) != PCI_VENDOR_INTEL) 374 return 0; 375 376 for (i = 0; i < __arraycount(iwn_devices); i++) 377 if (PCI_PRODUCT(pa->pa_id) == iwn_devices[i]) 378 return 1; 379 380 return 0; 381 } 382 383 static void 384 iwn_attach(device_t parent __unused, device_t self, void *aux) 385 { 386 struct iwn_softc *sc = device_private(self); 387 struct ieee80211com *ic = &sc->sc_ic; 388 struct ifnet *ifp = &sc->sc_ec.ec_if; 389 struct pci_attach_args *pa = aux; 390 const struct iwn_hal *hal; 391 const char *intrstr; 392 char devinfo[256]; 393 pci_intr_handle_t ih; 394 pcireg_t memtype, reg; 395 int i, error; 396 int revision; 397 398 sc->sc_dev = self; 399 sc->sc_pct = pa->pa_pc; 400 sc->sc_pcitag = pa->pa_tag; 401 sc->sc_dmat = pa->pa_dmat; 402 403 callout_init(&sc->calib_to, 0); 404 callout_setfunc(&sc->calib_to, iwn_calib_timeout, sc); 405 406 pci_devinfo(pa->pa_id, pa->pa_class, 0, devinfo, sizeof devinfo); 407 revision = PCI_REVISION(pa->pa_class); 408 aprint_normal(": %s (rev. 0x%02x)\n", devinfo, revision); 409 410 /* 411 * Get the offset of the PCI Express Capability Structure in PCI 412 * Configuration Space. 413 */ 414 error = pci_get_capability(sc->sc_pct, sc->sc_pcitag, 415 PCI_CAP_PCIEXPRESS, &sc->sc_cap_off, NULL); 416 if (error == 0) { 417 aprint_error(": PCIe capability structure not found!\n"); 418 return; 419 } 420 421 /* Clear device-specific "PCI retry timeout" register (41h). */ 422 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 423 reg &= ~0xff00; 424 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 425 426 /* Enable bus-mastering and hardware bug workaround. */ 427 /* XXX verify the bus-mastering is really needed (not in OpenBSD) */ 428 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG); 429 reg |= PCI_COMMAND_MASTER_ENABLE; 430 if (reg & PCI_COMMAND_INTERRUPT_DISABLE) { 431 DPRINTF(("PCIe INTx Disable set\n")); 432 reg &= ~PCI_COMMAND_INTERRUPT_DISABLE; 433 } 434 pci_conf_write(sc->sc_pct, sc->sc_pcitag, PCI_COMMAND_STATUS_REG, reg); 435 436 memtype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, IWN_PCI_BAR0); 437 error = pci_mapreg_map(pa, IWN_PCI_BAR0, memtype, 0, &sc->sc_st, 438 &sc->sc_sh, NULL, &sc->sc_sz); 439 if (error != 0) { 440 aprint_error(": can't map mem space\n"); 441 return; 442 } 443 444 /* Install interrupt handler. */ 445 if (pci_intr_map(pa, &ih) != 0) { 446 aprint_error(": can't map interrupt\n"); 447 return; 448 } 449 intrstr = pci_intr_string(sc->sc_pct, ih); 450 sc->sc_ih = pci_intr_establish(sc->sc_pct, ih, IPL_NET, iwn_intr, sc); 451 if (sc->sc_ih == NULL) { 452 aprint_error(": can't establish interrupt"); 453 if (intrstr != NULL) 454 aprint_error(" at %s", intrstr); 455 aprint_error("\n"); 456 return; 457 } 458 aprint_normal_dev(self, "interrupting at %s\n", intrstr); 459 460 /* Attach Hardware Abstraction Layer. */ 461 hal = iwn_hal_attach(sc, PCI_PRODUCT(pa->pa_id)); 462 if (hal == NULL) 463 return; 464 465 if ((error = iwn_hw_prepare(sc)) != 0) { 466 aprint_error(": hardware not ready\n"); 467 return; 468 } 469 470 /* Read MAC address, channels, etc from EEPROM. */ 471 if ((error = iwn_read_eeprom(sc)) != 0) { 472 aprint_error(": could not read EEPROM\n"); 473 return; 474 } 475 476 /* Allocate DMA memory for firmware transfers. */ 477 if ((error = iwn_alloc_fwmem(sc)) != 0) { 478 aprint_error(": could not allocate memory for firmware\n"); 479 return; 480 } 481 482 /* Allocate "Keep Warm" page. */ 483 if ((error = iwn_alloc_kw(sc)) != 0) { 484 aprint_error(": could not allocate keep warm page\n"); 485 goto fail1; 486 } 487 488 /* Allocate ICT table for 5000 Series. */ 489 if (sc->hw_type != IWN_HW_REV_TYPE_4965 && 490 (error = iwn_alloc_ict(sc)) != 0) { 491 aprint_error(": could not allocate ICT table\n"); 492 goto fail2; 493 } 494 495 /* Allocate TX scheduler "rings". */ 496 if ((error = iwn_alloc_sched(sc)) != 0) { 497 aprint_error(": could not allocate TX scheduler rings\n"); 498 goto fail3; 499 } 500 501 #ifdef IWN_USE_RBUF 502 /* Allocate RX buffers. */ 503 if ((error = iwn_alloc_rpool(sc)) != 0) { 504 aprint_error_dev(self, "could not allocate RX buffers\n"); 505 goto fail3; 506 } 507 #endif 508 509 /* Allocate TX rings (16 on 4965AGN, 20 on 5000.) */ 510 for (i = 0; i < hal->ntxqs; i++) { 511 if ((error = iwn_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) { 512 aprint_error(": could not allocate TX ring %d\n", i); 513 goto fail4; 514 } 515 } 516 517 /* Allocate RX ring. */ 518 if ((error = iwn_alloc_rx_ring(sc, &sc->rxq)) != 0) { 519 aprint_error(": could not allocate RX ring\n"); 520 goto fail4; 521 } 522 523 /* Clear pending interrupts. */ 524 IWN_WRITE(sc, IWN_INT, 0xffffffff); 525 526 /* Count the number of available chains. */ 527 sc->ntxchains = 528 ((sc->txchainmask >> 2) & 1) + 529 ((sc->txchainmask >> 1) & 1) + 530 ((sc->txchainmask >> 0) & 1); 531 sc->nrxchains = 532 ((sc->rxchainmask >> 2) & 1) + 533 ((sc->rxchainmask >> 1) & 1) + 534 ((sc->rxchainmask >> 0) & 1); 535 aprint_normal_dev(self, "MIMO %dT%dR, %.4s, address %s\n", 536 sc->ntxchains, sc->nrxchains, sc->eeprom_domain, 537 ether_sprintf(ic->ic_myaddr)); 538 539 ic->ic_ifp = ifp; 540 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 541 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 542 ic->ic_state = IEEE80211_S_INIT; 543 544 /* Set device capabilities. */ 545 /* XXX OpenBSD has IEEE80211_C_WEP, IEEE80211_C_RSN, 546 * and IEEE80211_C_PMGT too. */ 547 ic->ic_caps = 548 IEEE80211_C_IBSS | /* IBSS mode support */ 549 IEEE80211_C_WPA | /* 802.11i */ 550 IEEE80211_C_MONITOR | /* monitor mode supported */ 551 IEEE80211_C_TXPMGT | /* tx power management */ 552 IEEE80211_C_SHSLOT | /* short slot time supported */ 553 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 554 IEEE80211_C_WME; /* 802.11e */ 555 556 #ifndef IEEE80211_NO_HT 557 /* Set HT capabilities. */ 558 ic->ic_htcaps = 559 #if IWN_RBUF_SIZE == 8192 560 IEEE80211_HTCAP_AMSDU7935 | 561 #endif 562 IEEE80211_HTCAP_CBW20_40 | 563 IEEE80211_HTCAP_SGI20 | 564 IEEE80211_HTCAP_SGI40; 565 if (sc->hw_type != IWN_HW_REV_TYPE_4965) 566 ic->ic_htcaps |= IEEE80211_HTCAP_GF; 567 if (sc->hw_type == IWN_HW_REV_TYPE_6050) 568 ic->ic_htcaps |= IEEE80211_HTCAP_SMPS_DYN; 569 else 570 ic->ic_htcaps |= IEEE80211_HTCAP_SMPS_DIS; 571 #endif /* !IEEE80211_NO_HT */ 572 573 /* Set supported legacy rates. */ 574 ic->ic_sup_rates[IEEE80211_MODE_11B] = iwn_rateset_11b; 575 ic->ic_sup_rates[IEEE80211_MODE_11G] = iwn_rateset_11g; 576 if (sc->sc_flags & IWN_FLAG_HAS_5GHZ) { 577 ic->ic_sup_rates[IEEE80211_MODE_11A] = iwn_rateset_11a; 578 } 579 #ifndef IEEE80211_NO_HT 580 /* Set supported HT rates. */ 581 ic->ic_sup_mcs[0] = 0xff; 582 if (sc->nrxchains > 1) /* MCS 0-7 */ 583 ic->ic_sup_mcs[1] = 0xff; /* MCS 7-15 */ 584 if (sc->nrxchains > 2) 585 ic->ic_sup_mcs[2] = 0xff; /* MCS 16-23 */ 586 #endif 587 588 /* IBSS channel undefined for now. */ 589 ic->ic_ibss_chan = &ic->ic_channels[0]; 590 591 ifp->if_softc = sc; 592 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 593 ifp->if_init = iwn_init; 594 ifp->if_ioctl = iwn_ioctl; 595 ifp->if_start = iwn_start; 596 ifp->if_watchdog = iwn_watchdog; 597 IFQ_SET_READY(&ifp->if_snd); 598 memcpy(ifp->if_xname, device_xname(self), IFNAMSIZ); 599 600 if_attach(ifp); 601 ieee80211_ifattach(ic); 602 ic->ic_node_alloc = iwn_node_alloc; 603 ic->ic_newassoc = iwn_newassoc; 604 #ifdef IWN_HWCRYPTO 605 ic->ic_crypto.cs_key_set = iwn_set_key; 606 ic->ic_crypto.cs_key_delete = iwn_delete_key; 607 #endif 608 ic->ic_wme.wme_update = iwn_wme_update; 609 #ifndef IEEE80211_NO_HT 610 ic->ic_ampdu_rx_start = iwn_ampdu_rx_start; 611 ic->ic_ampdu_rx_stop = iwn_ampdu_rx_stop; 612 ic->ic_ampdu_tx_start = iwn_ampdu_tx_start; 613 ic->ic_ampdu_tx_stop = iwn_ampdu_tx_stop; 614 #endif 615 616 /* Override 802.11 state transition machine. */ 617 sc->sc_newstate = ic->ic_newstate; 618 ic->ic_newstate = iwn_newstate; 619 ieee80211_media_init(ic, iwn_media_change, ieee80211_media_status); 620 621 sc->amrr.amrr_min_success_threshold = 1; 622 sc->amrr.amrr_max_success_threshold = 15; 623 624 #ifndef SMALL_KERNEL 625 iwn_sensor_attach(sc); 626 #endif 627 iwn_radiotap_attach(sc); 628 629 /* 630 * XXX for NetBSD, OpenBSD timeout_set replaced by 631 * callout_init and callout_setfunc, above. 632 */ 633 634 if (pmf_device_register(self, NULL, iwn_resume)) 635 pmf_class_network_register(self, ifp); 636 else 637 aprint_error_dev(self, "couldn't establish power handler\n"); 638 639 /* XXX NetBSD add call to ieee80211_announce for dmesg. */ 640 ieee80211_announce(ic); 641 642 return; 643 644 /* Free allocated memory if something failed during attachment. */ 645 fail4: while (--i >= 0) 646 iwn_free_tx_ring(sc, &sc->txq[i]); 647 #ifdef IWN_USE_RBUF 648 iwn_free_rpool(sc); 649 #endif 650 iwn_free_sched(sc); 651 fail3: if (sc->ict != NULL) 652 iwn_free_ict(sc); 653 fail2: iwn_free_kw(sc); 654 fail1: iwn_free_fwmem(sc); 655 } 656 657 const struct iwn_hal * 658 iwn_hal_attach(struct iwn_softc *sc, pci_product_id_t pid) 659 { 660 sc->hw_type = (IWN_READ(sc, IWN_HW_REV) >> 4) & 0xf; 661 662 switch (sc->hw_type) { 663 case IWN_HW_REV_TYPE_4965: 664 sc->sc_hal = &iwn4965_hal; 665 sc->limits = &iwn4965_sensitivity_limits; 666 sc->fwname = "iwlwifi-4965-2.ucode"; 667 sc->txchainmask = IWN_ANT_AB; 668 sc->rxchainmask = IWN_ANT_ABC; 669 break; 670 case IWN_HW_REV_TYPE_5100: 671 sc->sc_hal = &iwn5000_hal; 672 sc->limits = &iwn5000_sensitivity_limits; 673 sc->fwname = "iwlwifi-5000-2.ucode"; 674 sc->txchainmask = IWN_ANT_B; 675 sc->rxchainmask = IWN_ANT_AB; 676 break; 677 case IWN_HW_REV_TYPE_5150: 678 sc->sc_hal = &iwn5000_hal; 679 sc->limits = &iwn5150_sensitivity_limits; 680 sc->fwname = "iwlwifi-5150-2.ucode"; 681 sc->txchainmask = IWN_ANT_A; 682 sc->rxchainmask = IWN_ANT_AB; 683 break; 684 case IWN_HW_REV_TYPE_5300: 685 case IWN_HW_REV_TYPE_5350: 686 sc->sc_hal = &iwn5000_hal; 687 sc->limits = &iwn5000_sensitivity_limits; 688 sc->fwname = "iwlwifi-5000-2.ucode"; 689 sc->txchainmask = IWN_ANT_ABC; 690 sc->rxchainmask = IWN_ANT_ABC; 691 break; 692 case IWN_HW_REV_TYPE_1000: 693 sc->sc_hal = &iwn5000_hal; 694 sc->limits = &iwn1000_sensitivity_limits; 695 sc->fwname = "iwlwifi-1000-3.ucode"; 696 sc->txchainmask = IWN_ANT_A; 697 sc->rxchainmask = IWN_ANT_AB; 698 break; 699 case IWN_HW_REV_TYPE_6000: 700 sc->sc_hal = &iwn5000_hal; 701 sc->limits = &iwn6000_sensitivity_limits; 702 sc->fwname = "iwlwifi-6000-4.ucode"; 703 switch (pid) { 704 case PCI_PRODUCT_INTEL_WIFI_LINK_6000_IPA_1: 705 case PCI_PRODUCT_INTEL_WIFI_LINK_6000_IPA_2: 706 sc->sc_flags |= IWN_FLAG_INTERNAL_PA; 707 sc->txchainmask = IWN_ANT_BC; 708 sc->rxchainmask = IWN_ANT_BC; 709 break; 710 default: 711 sc->txchainmask = IWN_ANT_ABC; 712 sc->rxchainmask = IWN_ANT_ABC; 713 break; 714 } 715 break; 716 case IWN_HW_REV_TYPE_6050: 717 sc->sc_hal = &iwn5000_hal; 718 sc->limits = &iwn6000_sensitivity_limits; 719 sc->fwname = "iwlwifi-6050-2.ucode"; 720 sc->txchainmask = IWN_ANT_AB; 721 sc->rxchainmask = IWN_ANT_AB; 722 break; 723 case IWN_HW_REV_TYPE_6005: 724 sc->sc_hal = &iwn5000_hal; 725 sc->limits = &iwn6000_sensitivity_limits; 726 sc->fwname = "iwlwifi-6005-2.ucode"; 727 sc->txchainmask = IWN_ANT_AB; 728 sc->rxchainmask = IWN_ANT_AB; 729 break; 730 default: 731 aprint_normal(": adapter type %d not supported\n", sc->hw_type); 732 return NULL; 733 } 734 return sc->sc_hal; 735 } 736 737 #ifndef SMALL_KERNEL 738 /* 739 * Attach the adapter on-board thermal sensor to the sensors framework. 740 */ 741 static void 742 iwn_sensor_attach(struct iwn_softc *sc) 743 { 744 int error; 745 746 sc->sc_sensor.units = ENVSYS_STEMP; 747 #if 0 748 /* XXX something like this ought to work */ 749 sc->sc_sensor.flags = ENVSYS_FMONLIMITS | ENVSYS_FMONNOTSUPP; 750 sc->sc_sensor.limits.sel_critmax = IWN_CTOK(110); 751 #endif 752 strlcpy((sc->sc_sensor.desc), "TEMP", sizeof(sc->sc_sensor.desc)); 753 754 /* Temperature is not valid unless interface is up. */ 755 sc->sc_sensor.value_cur = 0; 756 sc->sc_sensor.state = ENVSYS_SINVALID; 757 758 sc->sc_sme = sysmon_envsys_create(); 759 760 /* Initialize sensor */ 761 if (sysmon_envsys_sensor_attach(sc->sc_sme, &sc->sc_sensor)) { 762 sysmon_envsys_destroy(sc->sc_sme); 763 return; 764 } 765 766 /* 767 * Hook into the System Monitor. 768 */ 769 sc->sc_sme->sme_name = device_xname(sc->sc_dev); 770 sc->sc_sme->sme_flags = SME_DISABLE_REFRESH; 771 772 if ((error = sysmon_envsys_register(sc->sc_sme)) != 0) { 773 aprint_error_dev(sc->sc_dev, 774 "unable to register with sysmon (%d)\n", error); 775 sysmon_envsys_destroy(sc->sc_sme); 776 return; 777 } 778 } 779 #endif 780 781 /* 782 * Attach the interface to 802.11 radiotap. 783 */ 784 static void 785 iwn_radiotap_attach(struct iwn_softc *sc) 786 { 787 struct ifnet *ifp = sc->sc_ic.ic_ifp; 788 789 bpf_attach2(ifp, DLT_IEEE802_11_RADIO, 790 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN, 791 &sc->sc_drvbpf); 792 793 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 794 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 795 sc->sc_rxtap.wr_ihdr.it_present = htole32(IWN_RX_RADIOTAP_PRESENT); 796 797 sc->sc_txtap_len = sizeof sc->sc_txtapu; 798 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 799 sc->sc_txtap.wt_ihdr.it_present = htole32(IWN_TX_RADIOTAP_PRESENT); 800 } 801 802 static int 803 iwn_detach(device_t self, int flags __unused) 804 { 805 struct iwn_softc *sc = device_private(self); 806 struct ifnet *ifp = sc->sc_ic.ic_ifp; 807 int qid; 808 809 callout_stop(&sc->calib_to); 810 811 /* Uninstall interrupt handler. */ 812 if (sc->sc_ih != NULL) 813 pci_intr_disestablish(sc->sc_pct, sc->sc_ih); 814 815 /* Free DMA resources. */ 816 iwn_free_rx_ring(sc, &sc->rxq); 817 for (qid = 0; qid < sc->sc_hal->ntxqs; qid++) 818 iwn_free_tx_ring(sc, &sc->txq[qid]); 819 #ifdef IWN_USE_RBUF 820 iwn_free_rpool(sc); 821 #endif 822 iwn_free_sched(sc); 823 iwn_free_kw(sc); 824 if (sc->ict != NULL) 825 iwn_free_ict(sc); 826 iwn_free_fwmem(sc); 827 828 bus_space_unmap(sc->sc_st, sc->sc_sh, sc->sc_sz); 829 830 #ifndef SMALL_KERNEL 831 /* Detach the thermal sensor. */ 832 sysmon_envsys_sensor_detach(sc->sc_sme, &sc->sc_sensor); 833 sysmon_envsys_destroy(sc->sc_sme); 834 #endif 835 836 ieee80211_ifdetach(&sc->sc_ic); 837 if_detach(ifp); 838 839 return 0; 840 } 841 842 #if 0 843 /* 844 * XXX Investigate if clearing the PCI retry timeout could eliminate 845 * the repeated scan calls. Also the calls to if_init and if_start 846 * are similar to the effect of adding the call to ifioctl_common . 847 */ 848 static void 849 iwn_power(int why, void *arg) 850 { 851 struct iwn_softc *sc = arg; 852 struct ifnet *ifp; 853 pcireg_t reg; 854 int s; 855 856 if (why != PWR_RESUME) 857 return; 858 859 /* Clear device-specific "PCI retry timeout" register (41h). */ 860 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 0x40); 861 reg &= ~0xff00; 862 pci_conf_write(sc->sc_pct, sc->sc_pcitag, 0x40, reg); 863 864 s = splnet(); 865 ifp = &sc->sc_ic.ic_if; 866 if (ifp->if_flags & IFF_UP) { 867 ifp->if_init(ifp); 868 if (ifp->if_flags & IFF_RUNNING) 869 ifp->if_start(ifp); 870 } 871 splx(s); 872 } 873 #endif 874 875 static bool 876 iwn_resume(device_t dv, const pmf_qual_t *qual) 877 { 878 return true; 879 } 880 881 static int 882 iwn_nic_lock(struct iwn_softc *sc) 883 { 884 int ntries; 885 886 /* Request exclusive access to NIC. */ 887 IWN_SETBITS(sc, IWN_GP_CNTRL, IWN_GP_CNTRL_MAC_ACCESS_REQ); 888 889 /* Spin until we actually get the lock. */ 890 for (ntries = 0; ntries < 1000; ntries++) { 891 if ((IWN_READ(sc, IWN_GP_CNTRL) & 892 (IWN_GP_CNTRL_MAC_ACCESS_ENA | IWN_GP_CNTRL_SLEEP)) == 893 IWN_GP_CNTRL_MAC_ACCESS_ENA) 894 return 0; 895 DELAY(10); 896 } 897 return ETIMEDOUT; 898 } 899 900 static __inline void 901 iwn_nic_unlock(struct iwn_softc *sc) 902 { 903 IWN_CLRBITS(sc, IWN_GP_CNTRL, IWN_GP_CNTRL_MAC_ACCESS_REQ); 904 } 905 906 static __inline uint32_t 907 iwn_prph_read(struct iwn_softc *sc, uint32_t addr) 908 { 909 IWN_WRITE(sc, IWN_PRPH_RADDR, IWN_PRPH_DWORD | addr); 910 IWN_BARRIER_READ_WRITE(sc); 911 return IWN_READ(sc, IWN_PRPH_RDATA); 912 } 913 914 static __inline void 915 iwn_prph_write(struct iwn_softc *sc, uint32_t addr, uint32_t data) 916 { 917 IWN_WRITE(sc, IWN_PRPH_WADDR, IWN_PRPH_DWORD | addr); 918 IWN_BARRIER_WRITE(sc); 919 IWN_WRITE(sc, IWN_PRPH_WDATA, data); 920 } 921 922 static __inline void 923 iwn_prph_setbits(struct iwn_softc *sc, uint32_t addr, uint32_t mask) 924 { 925 iwn_prph_write(sc, addr, iwn_prph_read(sc, addr) | mask); 926 } 927 928 static __inline void 929 iwn_prph_clrbits(struct iwn_softc *sc, uint32_t addr, uint32_t mask) 930 { 931 iwn_prph_write(sc, addr, iwn_prph_read(sc, addr) & ~mask); 932 } 933 934 static __inline void 935 iwn_prph_write_region_4(struct iwn_softc *sc, uint32_t addr, 936 const uint32_t *data, int count) 937 { 938 for (; count > 0; count--, data++, addr += 4) 939 iwn_prph_write(sc, addr, *data); 940 } 941 942 static __inline uint32_t 943 iwn_mem_read(struct iwn_softc *sc, uint32_t addr) 944 { 945 IWN_WRITE(sc, IWN_MEM_RADDR, addr); 946 IWN_BARRIER_READ_WRITE(sc); 947 return IWN_READ(sc, IWN_MEM_RDATA); 948 } 949 950 static __inline void 951 iwn_mem_write(struct iwn_softc *sc, uint32_t addr, uint32_t data) 952 { 953 IWN_WRITE(sc, IWN_MEM_WADDR, addr); 954 IWN_BARRIER_WRITE(sc); 955 IWN_WRITE(sc, IWN_MEM_WDATA, data); 956 } 957 958 static __inline void 959 iwn_mem_write_2(struct iwn_softc *sc, uint32_t addr, uint16_t data) 960 { 961 uint32_t tmp; 962 963 tmp = iwn_mem_read(sc, addr & ~3); 964 if (addr & 3) 965 tmp = (tmp & 0x0000ffff) | data << 16; 966 else 967 tmp = (tmp & 0xffff0000) | data; 968 iwn_mem_write(sc, addr & ~3, tmp); 969 } 970 971 static __inline void 972 iwn_mem_read_region_4(struct iwn_softc *sc, uint32_t addr, uint32_t *data, 973 int count) 974 { 975 for (; count > 0; count--, addr += 4) 976 *data++ = iwn_mem_read(sc, addr); 977 } 978 979 static __inline void 980 iwn_mem_set_region_4(struct iwn_softc *sc, uint32_t addr, uint32_t val, 981 int count) 982 { 983 for (; count > 0; count--, addr += 4) 984 iwn_mem_write(sc, addr, val); 985 } 986 987 static int 988 iwn_eeprom_lock(struct iwn_softc *sc) 989 { 990 int i, ntries; 991 992 for (i = 0; i < 100; i++) { 993 /* Request exclusive access to EEPROM. */ 994 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, 995 IWN_HW_IF_CONFIG_EEPROM_LOCKED); 996 997 /* Spin until we actually get the lock. */ 998 for (ntries = 0; ntries < 100; ntries++) { 999 if (IWN_READ(sc, IWN_HW_IF_CONFIG) & 1000 IWN_HW_IF_CONFIG_EEPROM_LOCKED) 1001 return 0; 1002 DELAY(10); 1003 } 1004 } 1005 return ETIMEDOUT; 1006 } 1007 1008 static __inline void 1009 iwn_eeprom_unlock(struct iwn_softc *sc) 1010 { 1011 IWN_CLRBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_EEPROM_LOCKED); 1012 } 1013 1014 /* 1015 * Initialize access by host to One Time Programmable ROM. 1016 * NB: This kind of ROM can be found on 1000 or 6000 Series only. 1017 */ 1018 static int 1019 iwn_init_otprom(struct iwn_softc *sc) 1020 { 1021 uint16_t prev = 0, base, next; 1022 int count, error; 1023 1024 /* Wait for clock stabilization before accessing prph. */ 1025 if ((error = iwn_clock_wait(sc)) != 0) 1026 return error; 1027 1028 if ((error = iwn_nic_lock(sc)) != 0) 1029 return error; 1030 iwn_prph_setbits(sc, IWN_APMG_PS, IWN_APMG_PS_RESET_REQ); 1031 DELAY(5); 1032 iwn_prph_clrbits(sc, IWN_APMG_PS, IWN_APMG_PS_RESET_REQ); 1033 iwn_nic_unlock(sc); 1034 1035 /* Set auto clock gate disable bit for HW with OTP shadow RAM. */ 1036 if (sc->hw_type != IWN_HW_REV_TYPE_1000) { 1037 IWN_SETBITS(sc, IWN_DBG_LINK_PWR_MGMT, 1038 IWN_RESET_LINK_PWR_MGMT_DIS); 1039 } 1040 IWN_CLRBITS(sc, IWN_EEPROM_GP, IWN_EEPROM_GP_IF_OWNER); 1041 /* Clear ECC status. */ 1042 IWN_SETBITS(sc, IWN_OTP_GP, 1043 IWN_OTP_GP_ECC_CORR_STTS | IWN_OTP_GP_ECC_UNCORR_STTS); 1044 1045 /* 1046 * Find the block before last block (contains the EEPROM image) 1047 * for HW without OTP shadow RAM. 1048 */ 1049 if (sc->hw_type == IWN_HW_REV_TYPE_1000) { 1050 /* Switch to absolute addressing mode. */ 1051 IWN_CLRBITS(sc, IWN_OTP_GP, IWN_OTP_GP_RELATIVE_ACCESS); 1052 base = 0; 1053 for (count = 0; count < IWN1000_OTP_NBLOCKS; count++) { 1054 error = iwn_read_prom_data(sc, base, &next, 2); 1055 if (error != 0) 1056 return error; 1057 if (next == 0) /* End of linked-list. */ 1058 break; 1059 prev = base; 1060 base = le16toh(next); 1061 } 1062 if (count == 0 || count == IWN1000_OTP_NBLOCKS) 1063 return EIO; 1064 /* Skip "next" word. */ 1065 sc->prom_base = prev + 1; 1066 } 1067 return 0; 1068 } 1069 1070 static int 1071 iwn_read_prom_data(struct iwn_softc *sc, uint32_t addr, void *data, int count) 1072 { 1073 uint8_t *out = data; 1074 uint32_t val, tmp; 1075 int ntries; 1076 1077 addr += sc->prom_base; 1078 for (; count > 0; count -= 2, addr++) { 1079 IWN_WRITE(sc, IWN_EEPROM, addr << 2); 1080 for (ntries = 0; ntries < 10; ntries++) { 1081 val = IWN_READ(sc, IWN_EEPROM); 1082 if (val & IWN_EEPROM_READ_VALID) 1083 break; 1084 DELAY(5); 1085 } 1086 if (ntries == 10) { 1087 aprint_error_dev(sc->sc_dev, 1088 "timeout reading ROM at 0x%x\n", addr); 1089 return ETIMEDOUT; 1090 } 1091 if (sc->sc_flags & IWN_FLAG_HAS_OTPROM) { 1092 /* OTPROM, check for ECC errors. */ 1093 tmp = IWN_READ(sc, IWN_OTP_GP); 1094 if (tmp & IWN_OTP_GP_ECC_UNCORR_STTS) { 1095 aprint_error_dev(sc->sc_dev, 1096 "OTPROM ECC error at 0x%x\n", addr); 1097 return EIO; 1098 } 1099 if (tmp & IWN_OTP_GP_ECC_CORR_STTS) { 1100 /* Correctable ECC error, clear bit. */ 1101 IWN_SETBITS(sc, IWN_OTP_GP, 1102 IWN_OTP_GP_ECC_CORR_STTS); 1103 } 1104 } 1105 *out++ = val >> 16; 1106 if (count > 1) 1107 *out++ = val >> 24; 1108 } 1109 return 0; 1110 } 1111 1112 static int 1113 iwn_dma_contig_alloc(bus_dma_tag_t tag, struct iwn_dma_info *dma, void **kvap, 1114 bus_size_t size, bus_size_t alignment) 1115 { 1116 int nsegs, error; 1117 1118 dma->tag = tag; 1119 dma->size = size; 1120 1121 error = bus_dmamap_create(tag, size, 1, size, 0, BUS_DMA_NOWAIT, 1122 &dma->map); 1123 if (error != 0) 1124 goto fail; 1125 1126 error = bus_dmamem_alloc(tag, size, alignment, 0, &dma->seg, 1, &nsegs, 1127 BUS_DMA_NOWAIT); /* XXX OpenBSD adds BUS_DMA_ZERO */ 1128 if (error != 0) 1129 goto fail; 1130 1131 error = bus_dmamem_map(tag, &dma->seg, 1, size, &dma->vaddr, 1132 BUS_DMA_NOWAIT); /* XXX OpenBSD adds BUS_DMA_COHERENT */ 1133 if (error != 0) 1134 goto fail; 1135 1136 error = bus_dmamap_load(tag, dma->map, dma->vaddr, size, NULL, 1137 BUS_DMA_NOWAIT); 1138 if (error != 0) 1139 goto fail; 1140 1141 /* XXX Presumably needed because of missing BUS_DMA_ZERO, above. */ 1142 memset(dma->vaddr, 0, size); 1143 bus_dmamap_sync(tag, dma->map, 0, size, BUS_DMASYNC_PREWRITE); 1144 1145 dma->paddr = dma->map->dm_segs[0].ds_addr; 1146 if (kvap != NULL) 1147 *kvap = dma->vaddr; 1148 1149 return 0; 1150 1151 fail: iwn_dma_contig_free(dma); 1152 return error; 1153 } 1154 1155 static void 1156 iwn_dma_contig_free(struct iwn_dma_info *dma) 1157 { 1158 if (dma->map != NULL) { 1159 if (dma->vaddr != NULL) { 1160 bus_dmamap_sync(dma->tag, dma->map, 0, dma->size, 1161 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 1162 bus_dmamap_unload(dma->tag, dma->map); 1163 bus_dmamem_unmap(dma->tag, dma->vaddr, dma->size); 1164 bus_dmamem_free(dma->tag, &dma->seg, 1); 1165 dma->vaddr = NULL; 1166 } 1167 bus_dmamap_destroy(dma->tag, dma->map); 1168 dma->map = NULL; 1169 } 1170 } 1171 1172 static int 1173 iwn_alloc_sched(struct iwn_softc *sc) 1174 { 1175 /* TX scheduler rings must be aligned on a 1KB boundary. */ 1176 return iwn_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma, 1177 (void **)&sc->sched, sc->sc_hal->schedsz, 1024); 1178 } 1179 1180 static void 1181 iwn_free_sched(struct iwn_softc *sc) 1182 { 1183 iwn_dma_contig_free(&sc->sched_dma); 1184 } 1185 1186 static int 1187 iwn_alloc_kw(struct iwn_softc *sc) 1188 { 1189 /* "Keep Warm" page must be aligned on a 4KB boundary. */ 1190 return iwn_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, NULL, 4096, 1191 4096); 1192 } 1193 1194 static void 1195 iwn_free_kw(struct iwn_softc *sc) 1196 { 1197 iwn_dma_contig_free(&sc->kw_dma); 1198 } 1199 1200 static int 1201 iwn_alloc_ict(struct iwn_softc *sc) 1202 { 1203 /* ICT table must be aligned on a 4KB boundary. */ 1204 return iwn_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma, 1205 (void **)&sc->ict, IWN_ICT_SIZE, 4096); 1206 } 1207 1208 static void 1209 iwn_free_ict(struct iwn_softc *sc) 1210 { 1211 iwn_dma_contig_free(&sc->ict_dma); 1212 } 1213 1214 static int 1215 iwn_alloc_fwmem(struct iwn_softc *sc) 1216 { 1217 /* Must be aligned on a 16-byte boundary. */ 1218 return iwn_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma, NULL, 1219 sc->sc_hal->fwsz, 16); 1220 } 1221 1222 static void 1223 iwn_free_fwmem(struct iwn_softc *sc) 1224 { 1225 iwn_dma_contig_free(&sc->fw_dma); 1226 } 1227 1228 static int 1229 iwn_alloc_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 1230 { 1231 bus_size_t size; 1232 int i, error; 1233 1234 ring->cur = 0; 1235 1236 /* Allocate RX descriptors (256-byte aligned.) */ 1237 size = IWN_RX_RING_COUNT * sizeof (uint32_t); 1238 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 1239 (void **)&ring->desc, size, 256); 1240 if (error != 0) { 1241 aprint_error_dev(sc->sc_dev, 1242 "could not allocate RX ring DMA memory\n"); 1243 goto fail; 1244 } 1245 1246 /* Allocate RX status area (16-byte aligned.) */ 1247 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma, 1248 (void **)&ring->stat, sizeof (struct iwn_rx_status), 16); 1249 if (error != 0) { 1250 aprint_error_dev(sc->sc_dev, 1251 "could not allocate RX status DMA memory\n"); 1252 goto fail; 1253 } 1254 1255 /* 1256 * Allocate and map RX buffers. 1257 */ 1258 for (i = 0; i < IWN_RX_RING_COUNT; i++) { 1259 struct iwn_rx_data *data = &ring->data[i]; 1260 1261 error = bus_dmamap_create(sc->sc_dmat, IWN_RBUF_SIZE, 1, 1262 IWN_RBUF_SIZE, 0, BUS_DMA_NOWAIT | BUS_DMA_ALLOCNOW, 1263 &data->map); 1264 if (error != 0) { 1265 aprint_error_dev(sc->sc_dev, 1266 "could not create RX buf DMA map\n"); 1267 goto fail; 1268 } 1269 1270 data->m = MCLGETIalt(sc, M_DONTWAIT, NULL, IWN_RBUF_SIZE); 1271 if (data->m == NULL) { 1272 aprint_error_dev(sc->sc_dev, 1273 "could not allocate RX mbuf\n"); 1274 error = ENOBUFS; 1275 goto fail; 1276 } 1277 1278 error = bus_dmamap_load(sc->sc_dmat, data->map, 1279 mtod(data->m, void *), IWN_RBUF_SIZE, NULL, 1280 BUS_DMA_NOWAIT | BUS_DMA_READ); 1281 if (error != 0) { 1282 aprint_error_dev(sc->sc_dev, 1283 "can't not map mbuf (error %d)\n", error); 1284 goto fail; 1285 } 1286 1287 /* Set physical address of RX buffer (256-byte aligned.) */ 1288 ring->desc[i] = htole32(data->map->dm_segs[0].ds_addr >> 8); 1289 } 1290 1291 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 0, size, 1292 BUS_DMASYNC_PREWRITE); 1293 1294 return 0; 1295 1296 fail: iwn_free_rx_ring(sc, ring); 1297 return error; 1298 } 1299 1300 static void 1301 iwn_reset_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 1302 { 1303 int ntries; 1304 1305 if (iwn_nic_lock(sc) == 0) { 1306 IWN_WRITE(sc, IWN_FH_RX_CONFIG, 0); 1307 for (ntries = 0; ntries < 1000; ntries++) { 1308 if (IWN_READ(sc, IWN_FH_RX_STATUS) & 1309 IWN_FH_RX_STATUS_IDLE) 1310 break; 1311 DELAY(10); 1312 } 1313 iwn_nic_unlock(sc); 1314 } 1315 ring->cur = 0; 1316 sc->last_rx_valid = 0; 1317 } 1318 1319 static void 1320 iwn_free_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring) 1321 { 1322 int i; 1323 1324 iwn_dma_contig_free(&ring->desc_dma); 1325 iwn_dma_contig_free(&ring->stat_dma); 1326 1327 for (i = 0; i < IWN_RX_RING_COUNT; i++) { 1328 struct iwn_rx_data *data = &ring->data[i]; 1329 1330 if (data->m != NULL) { 1331 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1332 data->map->dm_mapsize, BUS_DMASYNC_POSTREAD); 1333 bus_dmamap_unload(sc->sc_dmat, data->map); 1334 m_freem(data->m); 1335 } 1336 if (data->map != NULL) 1337 bus_dmamap_destroy(sc->sc_dmat, data->map); 1338 } 1339 } 1340 1341 static int 1342 iwn_alloc_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring, int qid) 1343 { 1344 bus_addr_t paddr; 1345 bus_size_t size; 1346 int i, error; 1347 1348 ring->qid = qid; 1349 ring->queued = 0; 1350 ring->cur = 0; 1351 1352 /* Allocate TX descriptors (256-byte aligned.) */ 1353 size = IWN_TX_RING_COUNT * sizeof (struct iwn_tx_desc); 1354 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, 1355 (void **)&ring->desc, size, 256); 1356 if (error != 0) { 1357 aprint_error_dev(sc->sc_dev, 1358 "could not allocate TX ring DMA memory\n"); 1359 goto fail; 1360 } 1361 /* 1362 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need 1363 * to allocate commands space for other rings. 1364 * XXX Do we really need to allocate descriptors for other rings? 1365 */ 1366 if (qid > 4) 1367 return 0; 1368 1369 size = IWN_TX_RING_COUNT * sizeof (struct iwn_tx_cmd); 1370 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, 1371 (void **)&ring->cmd, size, 4); 1372 if (error != 0) { 1373 aprint_error_dev(sc->sc_dev, 1374 "could not allocate TX cmd DMA memory\n"); 1375 goto fail; 1376 } 1377 1378 paddr = ring->cmd_dma.paddr; 1379 for (i = 0; i < IWN_TX_RING_COUNT; i++) { 1380 struct iwn_tx_data *data = &ring->data[i]; 1381 1382 data->cmd_paddr = paddr; 1383 data->scratch_paddr = paddr + 12; 1384 paddr += sizeof (struct iwn_tx_cmd); 1385 1386 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 1387 IWN_MAX_SCATTER - 1, MCLBYTES, 0, BUS_DMA_NOWAIT, 1388 &data->map); 1389 if (error != 0) { 1390 aprint_error_dev(sc->sc_dev, 1391 "could not create TX buf DMA map\n"); 1392 goto fail; 1393 } 1394 } 1395 return 0; 1396 1397 fail: iwn_free_tx_ring(sc, ring); 1398 return error; 1399 } 1400 1401 static void 1402 iwn_reset_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring) 1403 { 1404 int i; 1405 1406 for (i = 0; i < IWN_TX_RING_COUNT; i++) { 1407 struct iwn_tx_data *data = &ring->data[i]; 1408 1409 if (data->m != NULL) { 1410 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1411 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 1412 bus_dmamap_unload(sc->sc_dmat, data->map); 1413 m_freem(data->m); 1414 data->m = NULL; 1415 } 1416 } 1417 /* Clear TX descriptors. */ 1418 memset(ring->desc, 0, ring->desc_dma.size); 1419 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 0, 1420 ring->desc_dma.size, BUS_DMASYNC_PREWRITE); 1421 sc->qfullmsk &= ~(1 << ring->qid); 1422 ring->queued = 0; 1423 ring->cur = 0; 1424 } 1425 1426 static void 1427 iwn_free_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring) 1428 { 1429 int i; 1430 1431 iwn_dma_contig_free(&ring->desc_dma); 1432 iwn_dma_contig_free(&ring->cmd_dma); 1433 1434 for (i = 0; i < IWN_TX_RING_COUNT; i++) { 1435 struct iwn_tx_data *data = &ring->data[i]; 1436 1437 if (data->m != NULL) { 1438 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 1439 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 1440 bus_dmamap_unload(sc->sc_dmat, data->map); 1441 m_freem(data->m); 1442 } 1443 if (data->map != NULL) 1444 bus_dmamap_destroy(sc->sc_dmat, data->map); 1445 } 1446 } 1447 1448 static void 1449 iwn5000_ict_reset(struct iwn_softc *sc) 1450 { 1451 /* Disable interrupts. */ 1452 IWN_WRITE(sc, IWN_INT_MASK, 0); 1453 1454 /* Reset ICT table. */ 1455 memset(sc->ict, 0, IWN_ICT_SIZE); 1456 sc->ict_cur = 0; 1457 1458 /* Set physical address of ICT table (4KB aligned.) */ 1459 DPRINTF(("enabling ICT\n")); 1460 IWN_WRITE(sc, IWN_DRAM_INT_TBL, IWN_DRAM_INT_TBL_ENABLE | 1461 IWN_DRAM_INT_TBL_WRAP_CHECK | sc->ict_dma.paddr >> 12); 1462 1463 /* Enable periodic RX interrupt. */ 1464 sc->int_mask |= IWN_INT_RX_PERIODIC; 1465 /* Switch to ICT interrupt mode in driver. */ 1466 sc->sc_flags |= IWN_FLAG_USE_ICT; 1467 1468 /* Re-enable interrupts. */ 1469 IWN_WRITE(sc, IWN_INT, 0xffffffff); 1470 IWN_WRITE(sc, IWN_INT_MASK, sc->int_mask); 1471 } 1472 1473 static int 1474 iwn_read_eeprom(struct iwn_softc *sc) 1475 { 1476 const struct iwn_hal *hal = sc->sc_hal; 1477 struct ieee80211com *ic = &sc->sc_ic; 1478 uint16_t val; 1479 int error; 1480 1481 /* Check whether adapter has an EEPROM or an OTPROM. */ 1482 if (sc->hw_type >= IWN_HW_REV_TYPE_1000 && 1483 (IWN_READ(sc, IWN_OTP_GP) & IWN_OTP_GP_DEV_SEL_OTP)) 1484 sc->sc_flags |= IWN_FLAG_HAS_OTPROM; 1485 DPRINTF(("%s found\n", (sc->sc_flags & IWN_FLAG_HAS_OTPROM) ? 1486 "OTPROM" : "EEPROM")); 1487 1488 /* Adapter has to be powered on for EEPROM access to work. */ 1489 if ((error = iwn_apm_init(sc)) != 0) { 1490 aprint_error_dev(sc->sc_dev, 1491 "could not power ON adapter\n"); 1492 return error; 1493 } 1494 1495 if ((IWN_READ(sc, IWN_EEPROM_GP) & 0x7) == 0) { 1496 aprint_error_dev(sc->sc_dev, 1497 "bad ROM signature\n"); 1498 return EIO; 1499 } 1500 if ((error = iwn_eeprom_lock(sc)) != 0) { 1501 aprint_error_dev(sc->sc_dev, 1502 "could not lock ROM (error=%d)\n", error); 1503 return error; 1504 } 1505 if (sc->sc_flags & IWN_FLAG_HAS_OTPROM) { 1506 if ((error = iwn_init_otprom(sc)) != 0) { 1507 aprint_error_dev(sc->sc_dev, 1508 "could not initialize OTPROM\n"); 1509 return error; 1510 } 1511 } 1512 1513 iwn_read_prom_data(sc, IWN_EEPROM_RFCFG, &val, 2); 1514 sc->rfcfg = le16toh(val); 1515 DPRINTF(("radio config=0x%04x\n", sc->rfcfg)); 1516 1517 /* Read MAC address. */ 1518 iwn_read_prom_data(sc, IWN_EEPROM_MAC, ic->ic_myaddr, 6); 1519 1520 /* Read adapter-specific information from EEPROM. */ 1521 hal->read_eeprom(sc); 1522 1523 iwn_apm_stop(sc); /* Power OFF adapter. */ 1524 1525 iwn_eeprom_unlock(sc); 1526 return 0; 1527 } 1528 1529 static void 1530 iwn4965_read_eeprom(struct iwn_softc *sc) 1531 { 1532 uint32_t addr; 1533 uint16_t val; 1534 int i; 1535 1536 /* Read regulatory domain (4 ASCII characters.) */ 1537 iwn_read_prom_data(sc, IWN4965_EEPROM_DOMAIN, sc->eeprom_domain, 4); 1538 1539 /* Read the list of authorized channels (20MHz ones only.) */ 1540 for (i = 0; i < 5; i++) { 1541 addr = iwn4965_regulatory_bands[i]; 1542 iwn_read_eeprom_channels(sc, i, addr); 1543 } 1544 1545 /* Read maximum allowed TX power for 2GHz and 5GHz bands. */ 1546 iwn_read_prom_data(sc, IWN4965_EEPROM_MAXPOW, &val, 2); 1547 sc->maxpwr2GHz = val & 0xff; 1548 sc->maxpwr5GHz = val >> 8; 1549 /* Check that EEPROM values are within valid range. */ 1550 if (sc->maxpwr5GHz < 20 || sc->maxpwr5GHz > 50) 1551 sc->maxpwr5GHz = 38; 1552 if (sc->maxpwr2GHz < 20 || sc->maxpwr2GHz > 50) 1553 sc->maxpwr2GHz = 38; 1554 DPRINTF(("maxpwr 2GHz=%d 5GHz=%d\n", sc->maxpwr2GHz, sc->maxpwr5GHz)); 1555 1556 /* Read samples for each TX power group. */ 1557 iwn_read_prom_data(sc, IWN4965_EEPROM_BANDS, sc->bands, 1558 sizeof sc->bands); 1559 1560 /* Read voltage at which samples were taken. */ 1561 iwn_read_prom_data(sc, IWN4965_EEPROM_VOLTAGE, &val, 2); 1562 sc->eeprom_voltage = (int16_t)le16toh(val); 1563 DPRINTF(("voltage=%d (in 0.3V)\n", sc->eeprom_voltage)); 1564 1565 #ifdef IWN_DEBUG 1566 /* Print samples. */ 1567 if (iwn_debug > 0) { 1568 for (i = 0; i < IWN_NBANDS; i++) 1569 iwn4965_print_power_group(sc, i); 1570 } 1571 #endif 1572 } 1573 1574 #ifdef IWN_DEBUG 1575 static void 1576 iwn4965_print_power_group(struct iwn_softc *sc, int i) 1577 { 1578 struct iwn4965_eeprom_band *band = &sc->bands[i]; 1579 struct iwn4965_eeprom_chan_samples *chans = band->chans; 1580 int j, c; 1581 1582 aprint_normal("===band %d===\n", i); 1583 aprint_normal("chan lo=%d, chan hi=%d\n", band->lo, band->hi); 1584 aprint_normal("chan1 num=%d\n", chans[0].num); 1585 for (c = 0; c < 2; c++) { 1586 for (j = 0; j < IWN_NSAMPLES; j++) { 1587 aprint_normal("chain %d, sample %d: temp=%d gain=%d " 1588 "power=%d pa_det=%d\n", c, j, 1589 chans[0].samples[c][j].temp, 1590 chans[0].samples[c][j].gain, 1591 chans[0].samples[c][j].power, 1592 chans[0].samples[c][j].pa_det); 1593 } 1594 } 1595 aprint_normal("chan2 num=%d\n", chans[1].num); 1596 for (c = 0; c < 2; c++) { 1597 for (j = 0; j < IWN_NSAMPLES; j++) { 1598 aprint_normal("chain %d, sample %d: temp=%d gain=%d " 1599 "power=%d pa_det=%d\n", c, j, 1600 chans[1].samples[c][j].temp, 1601 chans[1].samples[c][j].gain, 1602 chans[1].samples[c][j].power, 1603 chans[1].samples[c][j].pa_det); 1604 } 1605 } 1606 } 1607 #endif 1608 1609 static void 1610 iwn5000_read_eeprom(struct iwn_softc *sc) 1611 { 1612 struct iwn5000_eeprom_calib_hdr hdr; 1613 int32_t temp, volt; 1614 uint32_t base, addr; 1615 uint16_t val; 1616 int i; 1617 1618 /* Read regulatory domain (4 ASCII characters.) */ 1619 iwn_read_prom_data(sc, IWN5000_EEPROM_REG, &val, 2); 1620 base = le16toh(val); 1621 iwn_read_prom_data(sc, base + IWN5000_EEPROM_DOMAIN, 1622 sc->eeprom_domain, 4); 1623 1624 /* Read the list of authorized channels (20MHz ones only.) */ 1625 for (i = 0; i < 5; i++) { 1626 addr = base + iwn5000_regulatory_bands[i]; 1627 iwn_read_eeprom_channels(sc, i, addr); 1628 } 1629 1630 /* Read enhanced TX power information for 6000 Series. */ 1631 if (sc->hw_type >= IWN_HW_REV_TYPE_6000) 1632 iwn_read_eeprom_enhinfo(sc); 1633 1634 iwn_read_prom_data(sc, IWN5000_EEPROM_CAL, &val, 2); 1635 base = le16toh(val); 1636 iwn_read_prom_data(sc, base, &hdr, sizeof hdr); 1637 DPRINTF(("calib version=%u pa type=%u voltage=%u\n", 1638 hdr.version, hdr.pa_type, le16toh(hdr.volt))); 1639 sc->calib_ver = hdr.version; 1640 1641 if (sc->hw_type == IWN_HW_REV_TYPE_5150) { 1642 /* Compute temperature offset. */ 1643 iwn_read_prom_data(sc, base + IWN5000_EEPROM_TEMP, &val, 2); 1644 temp = le16toh(val); 1645 iwn_read_prom_data(sc, base + IWN5000_EEPROM_VOLT, &val, 2); 1646 volt = le16toh(val); 1647 sc->temp_off = temp - (volt / -5); 1648 DPRINTF(("temp=%d volt=%d offset=%dK\n", 1649 temp, volt, sc->temp_off)); 1650 } else { 1651 /* Read crystal calibration. */ 1652 iwn_read_prom_data(sc, base + IWN5000_EEPROM_CRYSTAL, 1653 &sc->eeprom_crystal, sizeof (uint32_t)); 1654 DPRINTF(("crystal calibration 0x%08x\n", 1655 le32toh(sc->eeprom_crystal))); 1656 } 1657 } 1658 1659 static void 1660 iwn_read_eeprom_channels(struct iwn_softc *sc, int n, uint32_t addr) 1661 { 1662 struct ieee80211com *ic = &sc->sc_ic; 1663 const struct iwn_chan_band *band = &iwn_bands[n]; 1664 struct iwn_eeprom_chan channels[IWN_MAX_CHAN_PER_BAND]; 1665 uint8_t chan; 1666 int i; 1667 1668 iwn_read_prom_data(sc, addr, channels, 1669 band->nchan * sizeof (struct iwn_eeprom_chan)); 1670 1671 for (i = 0; i < band->nchan; i++) { 1672 if (!(channels[i].flags & IWN_EEPROM_CHAN_VALID)) 1673 continue; 1674 1675 chan = band->chan[i]; 1676 1677 if (n == 0) { /* 2GHz band */ 1678 ic->ic_channels[chan].ic_freq = 1679 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_2GHZ); 1680 ic->ic_channels[chan].ic_flags = 1681 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 1682 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 1683 1684 } else { /* 5GHz band */ 1685 /* 1686 * Some adapters support channels 7, 8, 11 and 12 1687 * both in the 2GHz and 4.9GHz bands. 1688 * Because of limitations in our net80211 layer, 1689 * we don't support them in the 4.9GHz band. 1690 */ 1691 if (chan <= 14) 1692 continue; 1693 1694 ic->ic_channels[chan].ic_freq = 1695 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_5GHZ); 1696 ic->ic_channels[chan].ic_flags = IEEE80211_CHAN_A; 1697 /* We have at least one valid 5GHz channel. */ 1698 sc->sc_flags |= IWN_FLAG_HAS_5GHZ; 1699 } 1700 1701 /* Is active scan allowed on this channel? */ 1702 if (!(channels[i].flags & IWN_EEPROM_CHAN_ACTIVE)) { 1703 ic->ic_channels[chan].ic_flags |= 1704 IEEE80211_CHAN_PASSIVE; 1705 } 1706 1707 /* Save maximum allowed TX power for this channel. */ 1708 sc->maxpwr[chan] = channels[i].maxpwr; 1709 1710 DPRINTF(("adding chan %d flags=0x%x maxpwr=%d\n", 1711 chan, channels[i].flags, sc->maxpwr[chan])); 1712 } 1713 } 1714 1715 static void 1716 iwn_read_eeprom_enhinfo(struct iwn_softc *sc) 1717 { 1718 struct iwn_eeprom_enhinfo enhinfo[35]; 1719 uint16_t val, base; 1720 int8_t maxpwr; 1721 int i; 1722 1723 iwn_read_prom_data(sc, IWN5000_EEPROM_REG, &val, 2); 1724 base = le16toh(val); 1725 iwn_read_prom_data(sc, base + IWN6000_EEPROM_ENHINFO, 1726 enhinfo, sizeof enhinfo); 1727 1728 memset(sc->enh_maxpwr, 0, sizeof sc->enh_maxpwr); 1729 for (i = 0; i < __arraycount(enhinfo); i++) { 1730 if (enhinfo[i].chan == 0 || enhinfo[i].reserved != 0) 1731 continue; /* Skip invalid entries. */ 1732 1733 maxpwr = 0; 1734 if (sc->txchainmask & IWN_ANT_A) 1735 maxpwr = MAX(maxpwr, enhinfo[i].chain[0]); 1736 if (sc->txchainmask & IWN_ANT_B) 1737 maxpwr = MAX(maxpwr, enhinfo[i].chain[1]); 1738 if (sc->txchainmask & IWN_ANT_C) 1739 maxpwr = MAX(maxpwr, enhinfo[i].chain[2]); 1740 if (sc->ntxchains == 2) 1741 maxpwr = MAX(maxpwr, enhinfo[i].mimo2); 1742 else if (sc->ntxchains == 3) 1743 maxpwr = MAX(maxpwr, enhinfo[i].mimo3); 1744 maxpwr /= 2; /* Convert half-dBm to dBm. */ 1745 1746 DPRINTF(("enhinfo %d, maxpwr=%d\n", i, maxpwr)); 1747 sc->enh_maxpwr[i] = maxpwr; 1748 } 1749 } 1750 1751 static struct ieee80211_node * 1752 iwn_node_alloc(struct ieee80211_node_table *ic __unused) 1753 { 1754 return malloc(sizeof (struct iwn_node), M_80211_NODE, M_NOWAIT | M_ZERO); 1755 } 1756 1757 static void 1758 iwn_newassoc(struct ieee80211_node *ni, int isnew) 1759 { 1760 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc; 1761 struct iwn_node *wn = (void *)ni; 1762 uint8_t rate; 1763 int ridx, i; 1764 1765 ieee80211_amrr_node_init(&sc->amrr, &wn->amn); 1766 /* Start at lowest available bit-rate, AMRR will raise. */ 1767 ni->ni_txrate = 0; 1768 1769 for (i = 0; i < ni->ni_rates.rs_nrates; i++) { 1770 rate = ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL; 1771 /* Map 802.11 rate to HW rate index. */ 1772 for (ridx = 0; ridx <= IWN_RIDX_MAX; ridx++) 1773 if (iwn_rates[ridx].rate == rate) 1774 break; 1775 wn->ridx[i] = ridx; 1776 } 1777 } 1778 1779 static int 1780 iwn_media_change(struct ifnet *ifp) 1781 { 1782 struct iwn_softc *sc = ifp->if_softc; 1783 struct ieee80211com *ic = &sc->sc_ic; 1784 uint8_t rate, ridx; 1785 int error; 1786 1787 error = ieee80211_media_change(ifp); 1788 if (error != ENETRESET) 1789 return error; 1790 1791 if (ic->ic_fixed_rate != -1) { 1792 rate = ic->ic_sup_rates[ic->ic_curmode]. 1793 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL; 1794 /* Map 802.11 rate to HW rate index. */ 1795 for (ridx = 0; ridx <= IWN_RIDX_MAX; ridx++) 1796 if (iwn_rates[ridx].rate == rate) 1797 break; 1798 sc->fixed_ridx = ridx; 1799 } 1800 1801 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1802 (IFF_UP | IFF_RUNNING)) { 1803 iwn_stop(ifp, 0); 1804 error = iwn_init(ifp); 1805 } 1806 return error; 1807 } 1808 1809 static int 1810 iwn_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1811 { 1812 struct ifnet *ifp = ic->ic_ifp; 1813 struct iwn_softc *sc = ifp->if_softc; 1814 int error; 1815 1816 callout_stop(&sc->calib_to); 1817 1818 switch (nstate) { 1819 case IEEE80211_S_SCAN: 1820 /* XXX Do not abort a running scan. */ 1821 if (sc->sc_flags & IWN_FLAG_SCANNING) { 1822 aprint_error_dev(sc->sc_dev, 1823 "scan request while scanning ignored\n"); 1824 break; 1825 } 1826 1827 /* XXX Not sure if call and flags are needed. */ 1828 ieee80211_node_table_reset(&ic->ic_scan); 1829 ic->ic_flags |= IEEE80211_F_SCAN | IEEE80211_F_ASCAN; 1830 sc->sc_flags |= IWN_FLAG_SCANNING; 1831 1832 /* Make the link LED blink while we're scanning. */ 1833 iwn_set_led(sc, IWN_LED_LINK, 10, 10); 1834 1835 if ((error = iwn_scan(sc, IEEE80211_CHAN_2GHZ)) != 0) { 1836 aprint_error_dev(sc->sc_dev, 1837 "could not initiate scan\n"); 1838 return error; 1839 } 1840 ic->ic_state = nstate; 1841 return 0; 1842 1843 case IEEE80211_S_ASSOC: 1844 if (ic->ic_state != IEEE80211_S_RUN) 1845 break; 1846 /* FALLTHROUGH */ 1847 case IEEE80211_S_AUTH: 1848 /* Reset state to handle reassociations correctly. */ 1849 sc->rxon.associd = 0; 1850 sc->rxon.filter &= ~htole32(IWN_FILTER_BSS); 1851 sc->calib.state = IWN_CALIB_STATE_INIT; 1852 1853 if ((error = iwn_auth(sc)) != 0) { 1854 aprint_error_dev(sc->sc_dev, 1855 "could not move to auth state\n"); 1856 return error; 1857 } 1858 break; 1859 1860 case IEEE80211_S_RUN: 1861 if ((error = iwn_run(sc)) != 0) { 1862 aprint_error_dev(sc->sc_dev, 1863 "could not move to run state\n"); 1864 return error; 1865 } 1866 break; 1867 1868 case IEEE80211_S_INIT: 1869 sc->sc_flags &= ~IWN_FLAG_SCANNING; 1870 sc->calib.state = IWN_CALIB_STATE_INIT; 1871 break; 1872 } 1873 1874 return sc->sc_newstate(ic, nstate, arg); 1875 } 1876 1877 static void 1878 iwn_iter_func(void *arg, struct ieee80211_node *ni) 1879 { 1880 struct iwn_softc *sc = arg; 1881 struct iwn_node *wn = (struct iwn_node *)ni; 1882 1883 ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn); 1884 } 1885 1886 static void 1887 iwn_calib_timeout(void *arg) 1888 { 1889 struct iwn_softc *sc = arg; 1890 struct ieee80211com *ic = &sc->sc_ic; 1891 int s; 1892 1893 s = splnet(); 1894 if (ic->ic_fixed_rate == -1) { 1895 if (ic->ic_opmode == IEEE80211_M_STA) 1896 iwn_iter_func(sc, ic->ic_bss); 1897 else 1898 ieee80211_iterate_nodes(&ic->ic_sta, iwn_iter_func, sc); 1899 } 1900 /* Force automatic TX power calibration every 60 secs. */ 1901 if (++sc->calib_cnt >= 120) { 1902 uint32_t flags = 0; 1903 1904 DPRINTF(("sending request for statistics\n")); 1905 (void)iwn_cmd(sc, IWN_CMD_GET_STATISTICS, &flags, 1906 sizeof flags, 1); 1907 sc->calib_cnt = 0; 1908 } 1909 splx(s); 1910 1911 /* Automatic rate control triggered every 500ms. */ 1912 callout_schedule(&sc->calib_to, hz/2); 1913 } 1914 1915 /* 1916 * Process an RX_PHY firmware notification. This is usually immediately 1917 * followed by an MPDU_RX_DONE notification. 1918 */ 1919 static void 1920 iwn_rx_phy(struct iwn_softc *sc, struct iwn_rx_desc *desc, 1921 struct iwn_rx_data *data) 1922 { 1923 struct iwn_rx_stat *stat = (struct iwn_rx_stat *)(desc + 1); 1924 1925 DPRINTFN(2, ("received PHY stats\n")); 1926 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 1927 sizeof (*stat), BUS_DMASYNC_POSTREAD); 1928 1929 /* Save RX statistics, they will be used on MPDU_RX_DONE. */ 1930 memcpy(&sc->last_rx_stat, stat, sizeof (*stat)); 1931 sc->last_rx_valid = 1; 1932 } 1933 1934 /* 1935 * Process an RX_DONE (4965AGN only) or MPDU_RX_DONE firmware notification. 1936 * Each MPDU_RX_DONE notification must be preceded by an RX_PHY one. 1937 */ 1938 static void 1939 iwn_rx_done(struct iwn_softc *sc, struct iwn_rx_desc *desc, 1940 struct iwn_rx_data *data) 1941 { 1942 const struct iwn_hal *hal = sc->sc_hal; 1943 struct ieee80211com *ic = &sc->sc_ic; 1944 struct ifnet *ifp = ic->ic_ifp; 1945 struct iwn_rx_ring *ring = &sc->rxq; 1946 struct ieee80211_frame *wh; 1947 struct ieee80211_node *ni; 1948 struct mbuf *m, *m1; 1949 struct iwn_rx_stat *stat; 1950 char *head; 1951 uint32_t flags; 1952 int error, len, rssi; 1953 1954 if (desc->type == IWN_MPDU_RX_DONE) { 1955 /* Check for prior RX_PHY notification. */ 1956 if (!sc->last_rx_valid) { 1957 DPRINTF(("missing RX_PHY\n")); 1958 ifp->if_ierrors++; 1959 return; 1960 } 1961 sc->last_rx_valid = 0; 1962 stat = &sc->last_rx_stat; 1963 } else 1964 stat = (struct iwn_rx_stat *)(desc + 1); 1965 1966 bus_dmamap_sync(sc->sc_dmat, data->map, 0, IWN_RBUF_SIZE, 1967 BUS_DMASYNC_POSTREAD); 1968 1969 if (stat->cfg_phy_len > IWN_STAT_MAXLEN) { 1970 aprint_error_dev(sc->sc_dev, 1971 "invalid RX statistic header\n"); 1972 ifp->if_ierrors++; 1973 return; 1974 } 1975 if (desc->type == IWN_MPDU_RX_DONE) { 1976 struct iwn_rx_mpdu *mpdu = (struct iwn_rx_mpdu *)(desc + 1); 1977 head = (char *)(mpdu + 1); 1978 len = le16toh(mpdu->len); 1979 } else { 1980 head = (char *)(stat + 1) + stat->cfg_phy_len; 1981 len = le16toh(stat->len); 1982 } 1983 1984 flags = le32toh(*(uint32_t *)(head + len)); 1985 1986 /* Discard frames with a bad FCS early. */ 1987 if ((flags & IWN_RX_NOERROR) != IWN_RX_NOERROR) { 1988 DPRINTFN(2, ("RX flags error %x\n", flags)); 1989 ifp->if_ierrors++; 1990 return; 1991 } 1992 /* Discard frames that are too short. */ 1993 if (len < sizeof (*wh)) { 1994 DPRINTF(("frame too short: %d\n", len)); 1995 ic->ic_stats.is_rx_tooshort++; 1996 ifp->if_ierrors++; 1997 return; 1998 } 1999 2000 m1 = MCLGETIalt(sc, M_DONTWAIT, NULL, IWN_RBUF_SIZE); 2001 if (m1 == NULL) { 2002 ic->ic_stats.is_rx_nobuf++; 2003 ifp->if_ierrors++; 2004 return; 2005 } 2006 bus_dmamap_unload(sc->sc_dmat, data->map); 2007 2008 error = bus_dmamap_load(sc->sc_dmat, data->map, mtod(m1, void *), 2009 IWN_RBUF_SIZE, NULL, BUS_DMA_NOWAIT | BUS_DMA_READ); 2010 if (error != 0) { 2011 m_freem(m1); 2012 2013 /* Try to reload the old mbuf. */ 2014 error = bus_dmamap_load(sc->sc_dmat, data->map, 2015 mtod(data->m, void *), IWN_RBUF_SIZE, NULL, 2016 BUS_DMA_NOWAIT | BUS_DMA_READ); 2017 if (error != 0) { 2018 panic("%s: could not load old RX mbuf", 2019 device_xname(sc->sc_dev)); 2020 } 2021 /* Physical address may have changed. */ 2022 ring->desc[ring->cur] = 2023 htole32(data->map->dm_segs[0].ds_addr >> 8); 2024 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 2025 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 2026 BUS_DMASYNC_PREWRITE); 2027 ifp->if_ierrors++; 2028 return; 2029 } 2030 2031 m = data->m; 2032 data->m = m1; 2033 /* Update RX descriptor. */ 2034 ring->desc[ring->cur] = htole32(data->map->dm_segs[0].ds_addr >> 8); 2035 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 2036 ring->cur * sizeof (uint32_t), sizeof (uint32_t), 2037 BUS_DMASYNC_PREWRITE); 2038 2039 /* Finalize mbuf. */ 2040 m->m_pkthdr.rcvif = ifp; 2041 m->m_data = head; 2042 m->m_pkthdr.len = m->m_len = len; 2043 2044 /* Grab a reference to the source node. */ 2045 wh = mtod(m, struct ieee80211_frame *); 2046 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 2047 2048 /* XXX OpenBSD adds decryption here (see also comments in iwn_tx). */ 2049 /* NetBSD does decryption in ieee80211_input. */ 2050 2051 rssi = hal->get_rssi(stat); 2052 2053 /* XXX Added for NetBSD: scans never stop without it */ 2054 if (ic->ic_state == IEEE80211_S_SCAN) 2055 iwn_fix_channel(ic, m); 2056 2057 if (sc->sc_drvbpf != NULL) { 2058 struct iwn_rx_radiotap_header *tap = &sc->sc_rxtap; 2059 2060 tap->wr_flags = 0; 2061 if (stat->flags & htole16(IWN_STAT_FLAG_SHPREAMBLE)) 2062 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2063 tap->wr_chan_freq = 2064 htole16(ic->ic_channels[stat->chan].ic_freq); 2065 tap->wr_chan_flags = 2066 htole16(ic->ic_channels[stat->chan].ic_flags); 2067 tap->wr_dbm_antsignal = (int8_t)rssi; 2068 tap->wr_dbm_antnoise = (int8_t)sc->noise; 2069 tap->wr_tsft = stat->tstamp; 2070 switch (stat->rate) { 2071 /* CCK rates. */ 2072 case 10: tap->wr_rate = 2; break; 2073 case 20: tap->wr_rate = 4; break; 2074 case 55: tap->wr_rate = 11; break; 2075 case 110: tap->wr_rate = 22; break; 2076 /* OFDM rates. */ 2077 case 0xd: tap->wr_rate = 12; break; 2078 case 0xf: tap->wr_rate = 18; break; 2079 case 0x5: tap->wr_rate = 24; break; 2080 case 0x7: tap->wr_rate = 36; break; 2081 case 0x9: tap->wr_rate = 48; break; 2082 case 0xb: tap->wr_rate = 72; break; 2083 case 0x1: tap->wr_rate = 96; break; 2084 case 0x3: tap->wr_rate = 108; break; 2085 /* Unknown rate: should not happen. */ 2086 default: tap->wr_rate = 0; 2087 } 2088 2089 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m); 2090 } 2091 2092 /* Send the frame to the 802.11 layer. */ 2093 ieee80211_input(ic, m, ni, rssi, 0); 2094 2095 /* Node is no longer needed. */ 2096 ieee80211_free_node(ni); 2097 } 2098 2099 #ifndef IEEE80211_NO_HT 2100 /* Process an incoming Compressed BlockAck. */ 2101 static void 2102 iwn_rx_compressed_ba(struct iwn_softc *sc, struct iwn_rx_desc *desc, 2103 struct iwn_rx_data *data) 2104 { 2105 struct iwn_compressed_ba *ba = (struct iwn_compressed_ba *)(desc + 1); 2106 struct iwn_tx_ring *txq; 2107 2108 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), sizeof (*ba), 2109 BUS_DMASYNC_POSTREAD); 2110 2111 txq = &sc->txq[le16toh(ba->qid)]; 2112 /* XXX TBD */ 2113 } 2114 #endif 2115 2116 /* 2117 * Process a CALIBRATION_RESULT notification sent by the initialization 2118 * firmware on response to a CMD_CALIB_CONFIG command (5000 only.) 2119 */ 2120 static void 2121 iwn5000_rx_calib_results(struct iwn_softc *sc, struct iwn_rx_desc *desc, 2122 struct iwn_rx_data *data) 2123 { 2124 struct iwn_phy_calib *calib = (struct iwn_phy_calib *)(desc + 1); 2125 int len, idx = -1; 2126 2127 /* Runtime firmware should not send such a notification. */ 2128 if (sc->sc_flags & IWN_FLAG_CALIB_DONE) 2129 return; 2130 2131 len = (le32toh(desc->len) & 0x3fff) - 4; 2132 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), len, 2133 BUS_DMASYNC_POSTREAD); 2134 2135 switch (calib->code) { 2136 case IWN5000_PHY_CALIB_DC: 2137 if (sc->hw_type == IWN_HW_REV_TYPE_5150 || 2138 sc->hw_type == IWN_HW_REV_TYPE_6050) 2139 idx = 0; 2140 break; 2141 case IWN5000_PHY_CALIB_LO: 2142 idx = 1; 2143 break; 2144 case IWN5000_PHY_CALIB_TX_IQ: 2145 idx = 2; 2146 break; 2147 case IWN5000_PHY_CALIB_TX_IQ_PERIODIC: 2148 if (sc->hw_type < IWN_HW_REV_TYPE_6000 && 2149 sc->hw_type != IWN_HW_REV_TYPE_5150) 2150 idx = 3; 2151 break; 2152 case IWN5000_PHY_CALIB_BASE_BAND: 2153 idx = 4; 2154 break; 2155 } 2156 if (idx == -1) /* Ignore other results. */ 2157 return; 2158 2159 /* Save calibration result. */ 2160 if (sc->calibcmd[idx].buf != NULL) 2161 free(sc->calibcmd[idx].buf, M_DEVBUF); 2162 sc->calibcmd[idx].buf = malloc(len, M_DEVBUF, M_NOWAIT); 2163 if (sc->calibcmd[idx].buf == NULL) { 2164 DPRINTF(("not enough memory for calibration result %d\n", 2165 calib->code)); 2166 return; 2167 } 2168 DPRINTF(("saving calibration result code=%d len=%d\n", 2169 calib->code, len)); 2170 sc->calibcmd[idx].len = len; 2171 memcpy(sc->calibcmd[idx].buf, calib, len); 2172 } 2173 2174 /* 2175 * Process an RX_STATISTICS or BEACON_STATISTICS firmware notification. 2176 * The latter is sent by the firmware after each received beacon. 2177 */ 2178 static void 2179 iwn_rx_statistics(struct iwn_softc *sc, struct iwn_rx_desc *desc, 2180 struct iwn_rx_data *data) 2181 { 2182 const struct iwn_hal *hal = sc->sc_hal; 2183 struct ieee80211com *ic = &sc->sc_ic; 2184 struct iwn_calib_state *calib = &sc->calib; 2185 struct iwn_stats *stats = (struct iwn_stats *)(desc + 1); 2186 int temp; 2187 2188 /* Ignore statistics received during a scan. */ 2189 if (ic->ic_state != IEEE80211_S_RUN) 2190 return; 2191 2192 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 2193 sizeof (*stats), BUS_DMASYNC_POSTREAD); 2194 2195 DPRINTFN(3, ("received statistics (cmd=%d)\n", desc->type)); 2196 sc->calib_cnt = 0; /* Reset TX power calibration timeout. */ 2197 2198 /* Test if temperature has changed. */ 2199 if (stats->general.temp != sc->rawtemp) { 2200 /* Convert "raw" temperature to degC. */ 2201 sc->rawtemp = stats->general.temp; 2202 temp = hal->get_temperature(sc); 2203 DPRINTFN(2, ("temperature=%dC\n", temp)); 2204 2205 #ifndef SMALL_KERNEL 2206 /* Update temperature sensor. */ 2207 sc->sc_sensor.value_cur = IWN_CTOMUK(temp); 2208 sc->sc_sensor.state = ENVSYS_SVALID; 2209 #endif 2210 2211 /* Update TX power if need be (4965AGN only.) */ 2212 if (sc->hw_type == IWN_HW_REV_TYPE_4965) 2213 iwn4965_power_calibration(sc, temp); 2214 } 2215 2216 if (desc->type != IWN_BEACON_STATISTICS) 2217 return; /* Reply to a statistics request. */ 2218 2219 sc->noise = iwn_get_noise(&stats->rx.general); 2220 2221 /* Test that RSSI and noise are present in stats report. */ 2222 if (le32toh(stats->rx.general.flags) != 1) { 2223 DPRINTF(("received statistics without RSSI\n")); 2224 return; 2225 } 2226 2227 if (calib->state == IWN_CALIB_STATE_ASSOC) 2228 iwn_collect_noise(sc, &stats->rx.general); 2229 else if (calib->state == IWN_CALIB_STATE_RUN) 2230 iwn_tune_sensitivity(sc, &stats->rx); 2231 } 2232 2233 /* 2234 * Process a TX_DONE firmware notification. Unfortunately, the 4965AGN 2235 * and 5000 adapters have different incompatible TX status formats. 2236 */ 2237 static void 2238 iwn4965_tx_done(struct iwn_softc *sc, struct iwn_rx_desc *desc, 2239 struct iwn_rx_data *data) 2240 { 2241 struct iwn4965_tx_stat *stat = (struct iwn4965_tx_stat *)(desc + 1); 2242 2243 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 2244 sizeof (*stat), BUS_DMASYNC_POSTREAD); 2245 iwn_tx_done(sc, desc, stat->ackfailcnt, le32toh(stat->status) & 0xff); 2246 } 2247 2248 static void 2249 iwn5000_tx_done(struct iwn_softc *sc, struct iwn_rx_desc *desc, 2250 struct iwn_rx_data *data) 2251 { 2252 struct iwn5000_tx_stat *stat = (struct iwn5000_tx_stat *)(desc + 1); 2253 2254 #ifdef notyet 2255 /* Reset TX scheduler slot. */ 2256 iwn5000_reset_sched(sc, desc->qid & 0xf, desc->idx); 2257 #endif 2258 2259 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 2260 sizeof (*stat), BUS_DMASYNC_POSTREAD); 2261 iwn_tx_done(sc, desc, stat->ackfailcnt, le16toh(stat->status) & 0xff); 2262 } 2263 2264 /* 2265 * Adapter-independent backend for TX_DONE firmware notifications. 2266 */ 2267 static void 2268 iwn_tx_done(struct iwn_softc *sc, struct iwn_rx_desc *desc, int ackfailcnt, 2269 uint8_t status) 2270 { 2271 struct ieee80211com *ic = &sc->sc_ic; 2272 struct ifnet *ifp = ic->ic_ifp; 2273 struct iwn_tx_ring *ring = &sc->txq[desc->qid & 0xf]; 2274 struct iwn_tx_data *data = &ring->data[desc->idx]; 2275 struct iwn_node *wn = (struct iwn_node *)data->ni; 2276 2277 /* Update rate control statistics. */ 2278 wn->amn.amn_txcnt++; 2279 if (ackfailcnt > 0) 2280 wn->amn.amn_retrycnt++; 2281 2282 if (status != 1 && status != 2) 2283 ifp->if_oerrors++; 2284 else 2285 ifp->if_opackets++; 2286 2287 /* Unmap and free mbuf. */ 2288 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 2289 BUS_DMASYNC_POSTWRITE); 2290 bus_dmamap_unload(sc->sc_dmat, data->map); 2291 m_freem(data->m); 2292 data->m = NULL; 2293 ieee80211_free_node(data->ni); 2294 data->ni = NULL; 2295 2296 sc->sc_tx_timer = 0; 2297 if (--ring->queued < IWN_TX_RING_LOMARK) { 2298 sc->qfullmsk &= ~(1 << ring->qid); 2299 if (sc->qfullmsk == 0 && (ifp->if_flags & IFF_OACTIVE)) { 2300 ifp->if_flags &= ~IFF_OACTIVE; 2301 (*ifp->if_start)(ifp); 2302 } 2303 } 2304 } 2305 2306 /* 2307 * Process a "command done" firmware notification. This is where we wakeup 2308 * processes waiting for a synchronous command completion. 2309 */ 2310 static void 2311 iwn_cmd_done(struct iwn_softc *sc, struct iwn_rx_desc *desc) 2312 { 2313 struct iwn_tx_ring *ring = &sc->txq[4]; 2314 struct iwn_tx_data *data; 2315 2316 if ((desc->qid & 0xf) != 4) 2317 return; /* Not a command ack. */ 2318 2319 data = &ring->data[desc->idx]; 2320 2321 /* If the command was mapped in an mbuf, free it. */ 2322 if (data->m != NULL) { 2323 bus_dmamap_sync(sc->sc_dmat, data->map, 0, 2324 data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE); 2325 bus_dmamap_unload(sc->sc_dmat, data->map); 2326 m_freem(data->m); 2327 data->m = NULL; 2328 } 2329 wakeup(&ring->desc[desc->idx]); 2330 } 2331 2332 /* 2333 * Process an INT_FH_RX or INT_SW_RX interrupt. 2334 */ 2335 static void 2336 iwn_notif_intr(struct iwn_softc *sc) 2337 { 2338 struct ieee80211com *ic = &sc->sc_ic; 2339 struct ifnet *ifp = ic->ic_ifp; 2340 uint16_t hw; 2341 2342 bus_dmamap_sync(sc->sc_dmat, sc->rxq.stat_dma.map, 2343 0, sc->rxq.stat_dma.size, BUS_DMASYNC_POSTREAD); 2344 2345 hw = le16toh(sc->rxq.stat->closed_count) & 0xfff; 2346 while (sc->rxq.cur != hw) { 2347 struct iwn_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 2348 struct iwn_rx_desc *desc; 2349 2350 bus_dmamap_sync(sc->sc_dmat, data->map, 0, sizeof (*desc), 2351 BUS_DMASYNC_POSTREAD); 2352 desc = mtod(data->m, struct iwn_rx_desc *); 2353 2354 DPRINTFN(4, ("notification qid=%d idx=%d flags=%x type=%d\n", 2355 desc->qid & 0xf, desc->idx, desc->flags, desc->type)); 2356 2357 if (!(desc->qid & 0x80)) /* Reply to a command. */ 2358 iwn_cmd_done(sc, desc); 2359 2360 switch (desc->type) { 2361 case IWN_RX_PHY: 2362 iwn_rx_phy(sc, desc, data); 2363 break; 2364 2365 case IWN_RX_DONE: /* 4965AGN only. */ 2366 case IWN_MPDU_RX_DONE: 2367 /* An 802.11 frame has been received. */ 2368 iwn_rx_done(sc, desc, data); 2369 break; 2370 #ifndef IEEE80211_NO_HT 2371 case IWN_RX_COMPRESSED_BA: 2372 /* A Compressed BlockAck has been received. */ 2373 iwn_rx_compressed_ba(sc, desc, data); 2374 break; 2375 #endif 2376 case IWN_TX_DONE: 2377 /* An 802.11 frame has been transmitted. */ 2378 sc->sc_hal->tx_done(sc, desc, data); 2379 break; 2380 2381 case IWN_RX_STATISTICS: 2382 case IWN_BEACON_STATISTICS: 2383 iwn_rx_statistics(sc, desc, data); 2384 break; 2385 2386 case IWN_BEACON_MISSED: 2387 { 2388 struct iwn_beacon_missed *miss = 2389 (struct iwn_beacon_missed *)(desc + 1); 2390 2391 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 2392 sizeof (*miss), BUS_DMASYNC_POSTREAD); 2393 /* 2394 * If more than 5 consecutive beacons are missed, 2395 * reinitialize the sensitivity state machine. 2396 */ 2397 DPRINTF(("beacons missed %d/%d\n", 2398 le32toh(miss->consecutive), le32toh(miss->total))); 2399 if (ic->ic_state == IEEE80211_S_RUN && 2400 le32toh(miss->consecutive) > 5) 2401 (void)iwn_init_sensitivity(sc); 2402 break; 2403 } 2404 case IWN_UC_READY: 2405 { 2406 struct iwn_ucode_info *uc = 2407 (struct iwn_ucode_info *)(desc + 1); 2408 2409 /* The microcontroller is ready. */ 2410 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 2411 sizeof (*uc), BUS_DMASYNC_POSTREAD); 2412 DPRINTF(("microcode alive notification version=%d.%d " 2413 "subtype=%x alive=%x\n", uc->major, uc->minor, 2414 uc->subtype, le32toh(uc->valid))); 2415 2416 if (le32toh(uc->valid) != 1) { 2417 aprint_error_dev(sc->sc_dev, 2418 "microcontroller initialization " 2419 "failed\n"); 2420 break; 2421 } 2422 if (uc->subtype == IWN_UCODE_INIT) { 2423 /* Save microcontroller report. */ 2424 memcpy(&sc->ucode_info, uc, sizeof (*uc)); 2425 } 2426 /* Save the address of the error log in SRAM. */ 2427 sc->errptr = le32toh(uc->errptr); 2428 break; 2429 } 2430 case IWN_STATE_CHANGED: 2431 { 2432 uint32_t *status = (uint32_t *)(desc + 1); 2433 2434 /* Enabled/disabled notification. */ 2435 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 2436 sizeof (*status), BUS_DMASYNC_POSTREAD); 2437 DPRINTF(("state changed to %x\n", le32toh(*status))); 2438 2439 if (le32toh(*status) & 1) { 2440 /* The radio button has to be pushed. */ 2441 aprint_error_dev(sc->sc_dev, 2442 "Radio transmitter is off\n"); 2443 /* Turn the interface down. */ 2444 ifp->if_flags &= ~IFF_UP; 2445 iwn_stop(ifp, 1); 2446 return; /* No further processing. */ 2447 } 2448 break; 2449 } 2450 case IWN_START_SCAN: 2451 { 2452 struct iwn_start_scan *scan = 2453 (struct iwn_start_scan *)(desc + 1); 2454 2455 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 2456 sizeof (*scan), BUS_DMASYNC_POSTREAD); 2457 DPRINTFN(2, ("scanning channel %d status %x\n", 2458 scan->chan, le32toh(scan->status))); 2459 2460 /* Fix current channel. */ 2461 ic->ic_bss->ni_chan = &ic->ic_channels[scan->chan]; 2462 break; 2463 } 2464 case IWN_STOP_SCAN: 2465 { 2466 struct iwn_stop_scan *scan = 2467 (struct iwn_stop_scan *)(desc + 1); 2468 2469 bus_dmamap_sync(sc->sc_dmat, data->map, sizeof (*desc), 2470 sizeof (*scan), BUS_DMASYNC_POSTREAD); 2471 DPRINTF(("scan finished nchan=%d status=%d chan=%d\n", 2472 scan->nchan, scan->status, scan->chan)); 2473 2474 if (scan->status == 1 && scan->chan <= 14 && 2475 (sc->sc_flags & IWN_FLAG_HAS_5GHZ)) { 2476 /* 2477 * We just finished scanning 2GHz channels, 2478 * start scanning 5GHz ones. 2479 */ 2480 if (iwn_scan(sc, IEEE80211_CHAN_5GHZ) == 0) 2481 break; 2482 } 2483 sc->sc_flags &= ~IWN_FLAG_SCANNING; 2484 ieee80211_end_scan(ic); 2485 break; 2486 } 2487 case IWN5000_CALIBRATION_RESULT: 2488 iwn5000_rx_calib_results(sc, desc, data); 2489 break; 2490 2491 case IWN5000_CALIBRATION_DONE: 2492 sc->sc_flags |= IWN_FLAG_CALIB_DONE; 2493 wakeup(sc); 2494 break; 2495 } 2496 2497 sc->rxq.cur = (sc->rxq.cur + 1) % IWN_RX_RING_COUNT; 2498 } 2499 2500 /* Tell the firmware what we have processed. */ 2501 hw = (hw == 0) ? IWN_RX_RING_COUNT - 1 : hw - 1; 2502 IWN_WRITE(sc, IWN_FH_RX_WPTR, hw & ~7); 2503 } 2504 2505 /* 2506 * Process an INT_WAKEUP interrupt raised when the microcontroller wakes up 2507 * from power-down sleep mode. 2508 */ 2509 static void 2510 iwn_wakeup_intr(struct iwn_softc *sc) 2511 { 2512 int qid; 2513 2514 DPRINTF(("ucode wakeup from power-down sleep\n")); 2515 2516 /* Wakeup RX and TX rings. */ 2517 IWN_WRITE(sc, IWN_FH_RX_WPTR, sc->rxq.cur & ~7); 2518 for (qid = 0; qid < sc->sc_hal->ntxqs; qid++) { 2519 struct iwn_tx_ring *ring = &sc->txq[qid]; 2520 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | ring->cur); 2521 } 2522 } 2523 2524 /* 2525 * Dump the error log of the firmware when a firmware panic occurs. Although 2526 * we can't debug the firmware because it is neither open source nor free, it 2527 * can help us to identify certain classes of problems. 2528 */ 2529 static void 2530 iwn_fatal_intr(struct iwn_softc *sc) 2531 { 2532 const struct iwn_hal *hal = sc->sc_hal; 2533 struct iwn_fw_dump dump; 2534 int i; 2535 2536 /* Force a complete recalibration on next init. */ 2537 sc->sc_flags &= ~IWN_FLAG_CALIB_DONE; 2538 2539 /* Check that the error log address is valid. */ 2540 if (sc->errptr < IWN_FW_DATA_BASE || 2541 sc->errptr + sizeof (dump) > 2542 IWN_FW_DATA_BASE + hal->fw_data_maxsz) { 2543 aprint_error_dev(sc->sc_dev, 2544 "bad firmware error log address 0x%08x\n", sc->errptr); 2545 return; 2546 } 2547 if (iwn_nic_lock(sc) != 0) { 2548 aprint_error_dev(sc->sc_dev, 2549 "could not read firmware error log\n"); 2550 return; 2551 } 2552 /* Read firmware error log from SRAM. */ 2553 iwn_mem_read_region_4(sc, sc->errptr, (uint32_t *)&dump, 2554 sizeof (dump) / sizeof (uint32_t)); 2555 iwn_nic_unlock(sc); 2556 2557 if (dump.valid == 0) { 2558 aprint_error_dev(sc->sc_dev, 2559 "firmware error log is empty\n"); 2560 return; 2561 } 2562 aprint_error("firmware error log:\n"); 2563 aprint_error(" error type = \"%s\" (0x%08X)\n", 2564 (dump.id < __arraycount(iwn_fw_errmsg)) ? 2565 iwn_fw_errmsg[dump.id] : "UNKNOWN", 2566 dump.id); 2567 aprint_error(" program counter = 0x%08X\n", dump.pc); 2568 aprint_error(" source line = 0x%08X\n", dump.src_line); 2569 aprint_error(" error data = 0x%08X%08X\n", 2570 dump.error_data[0], dump.error_data[1]); 2571 aprint_error(" branch link = 0x%08X%08X\n", 2572 dump.branch_link[0], dump.branch_link[1]); 2573 aprint_error(" interrupt link = 0x%08X%08X\n", 2574 dump.interrupt_link[0], dump.interrupt_link[1]); 2575 aprint_error(" time = %u\n", dump.time[0]); 2576 2577 /* Dump driver status (TX and RX rings) while we're here. */ 2578 aprint_error("driver status:\n"); 2579 for (i = 0; i < hal->ntxqs; i++) { 2580 struct iwn_tx_ring *ring = &sc->txq[i]; 2581 aprint_error(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n", 2582 i, ring->qid, ring->cur, ring->queued); 2583 } 2584 aprint_error(" rx ring: cur=%d\n", sc->rxq.cur); 2585 aprint_error(" 802.11 state %d\n", sc->sc_ic.ic_state); 2586 } 2587 2588 static int 2589 iwn_intr(void *arg) 2590 { 2591 struct iwn_softc *sc = arg; 2592 struct ifnet *ifp = sc->sc_ic.ic_ifp; 2593 uint32_t r1, r2, tmp; 2594 2595 /* Disable interrupts. */ 2596 IWN_WRITE(sc, IWN_INT_MASK, 0); 2597 2598 /* Read interrupts from ICT (fast) or from registers (slow). */ 2599 if (sc->sc_flags & IWN_FLAG_USE_ICT) { 2600 tmp = 0; 2601 while (sc->ict[sc->ict_cur] != 0) { 2602 tmp |= sc->ict[sc->ict_cur]; 2603 sc->ict[sc->ict_cur] = 0; /* Acknowledge. */ 2604 sc->ict_cur = (sc->ict_cur + 1) % IWN_ICT_COUNT; 2605 } 2606 tmp = le32toh(tmp); 2607 if (tmp == 0xffffffff) /* Shouldn't happen. */ 2608 tmp = 0; 2609 else if (tmp & 0xc0000) /* Workaround a HW bug. */ 2610 tmp |= 0x8000; 2611 r1 = (tmp & 0xff00) << 16 | (tmp & 0xff); 2612 r2 = 0; /* Unused. */ 2613 } else { 2614 r1 = IWN_READ(sc, IWN_INT); 2615 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0) 2616 return 0; /* Hardware gone! */ 2617 r2 = IWN_READ(sc, IWN_FH_INT); 2618 } 2619 if (r1 == 0 && r2 == 0) { 2620 if (ifp->if_flags & IFF_UP) 2621 IWN_WRITE(sc, IWN_INT_MASK, sc->int_mask); 2622 return 0; /* Interrupt not for us. */ 2623 } 2624 2625 /* Acknowledge interrupts. */ 2626 IWN_WRITE(sc, IWN_INT, r1); 2627 if (!(sc->sc_flags & IWN_FLAG_USE_ICT)) 2628 IWN_WRITE(sc, IWN_FH_INT, r2); 2629 2630 if (r1 & IWN_INT_RF_TOGGLED) { 2631 tmp = IWN_READ(sc, IWN_GP_CNTRL); 2632 aprint_error_dev(sc->sc_dev, 2633 "RF switch: radio %s\n", 2634 (tmp & IWN_GP_CNTRL_RFKILL) ? "enabled" : "disabled"); 2635 } 2636 if (r1 & IWN_INT_CT_REACHED) { 2637 aprint_error_dev(sc->sc_dev, 2638 "critical temperature reached!\n"); 2639 } 2640 if (r1 & (IWN_INT_SW_ERR | IWN_INT_HW_ERR)) { 2641 aprint_error_dev(sc->sc_dev, 2642 "fatal firmware error\n"); 2643 /* Dump firmware error log and stop. */ 2644 iwn_fatal_intr(sc); 2645 ifp->if_flags &= ~IFF_UP; 2646 iwn_stop(ifp, 1); 2647 return 1; 2648 } 2649 if ((r1 & (IWN_INT_FH_RX | IWN_INT_SW_RX | IWN_INT_RX_PERIODIC)) || 2650 (r2 & IWN_FH_INT_RX)) { 2651 if (sc->sc_flags & IWN_FLAG_USE_ICT) { 2652 if (r1 & (IWN_INT_FH_RX | IWN_INT_SW_RX)) 2653 IWN_WRITE(sc, IWN_FH_INT, IWN_FH_INT_RX); 2654 IWN_WRITE_1(sc, IWN_INT_PERIODIC, 2655 IWN_INT_PERIODIC_DIS); 2656 iwn_notif_intr(sc); 2657 if (r1 & (IWN_INT_FH_RX | IWN_INT_SW_RX)) { 2658 IWN_WRITE_1(sc, IWN_INT_PERIODIC, 2659 IWN_INT_PERIODIC_ENA); 2660 } 2661 } else 2662 iwn_notif_intr(sc); 2663 } 2664 2665 if ((r1 & IWN_INT_FH_TX) || (r2 & IWN_FH_INT_TX)) { 2666 if (sc->sc_flags & IWN_FLAG_USE_ICT) 2667 IWN_WRITE(sc, IWN_FH_INT, IWN_FH_INT_TX); 2668 wakeup(sc); /* FH DMA transfer completed. */ 2669 } 2670 2671 if (r1 & IWN_INT_ALIVE) 2672 wakeup(sc); /* Firmware is alive. */ 2673 2674 if (r1 & IWN_INT_WAKEUP) 2675 iwn_wakeup_intr(sc); 2676 2677 /* Re-enable interrupts. */ 2678 if (ifp->if_flags & IFF_UP) 2679 IWN_WRITE(sc, IWN_INT_MASK, sc->int_mask); 2680 2681 return 1; 2682 } 2683 2684 /* 2685 * Update TX scheduler ring when transmitting an 802.11 frame (4965AGN and 2686 * 5000 adapters use a slightly different format.) 2687 */ 2688 static void 2689 iwn4965_update_sched(struct iwn_softc *sc, int qid, int idx, uint8_t id, 2690 uint16_t len) 2691 { 2692 uint16_t *w = &sc->sched[qid * IWN4965_SCHED_COUNT + idx]; 2693 2694 *w = htole16(len + 8); 2695 bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map, 2696 (char *)(void *)w - (char *)(void *)sc->sched_dma.vaddr, 2697 sizeof (uint16_t), 2698 BUS_DMASYNC_PREWRITE); 2699 if (idx < IWN_SCHED_WINSZ) { 2700 *(w + IWN_TX_RING_COUNT) = *w; 2701 bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map, 2702 (char *)(void *)(w + IWN_TX_RING_COUNT) - 2703 (char *)(void *)sc->sched_dma.vaddr, 2704 sizeof (uint16_t), BUS_DMASYNC_PREWRITE); 2705 } 2706 } 2707 2708 static void 2709 iwn5000_update_sched(struct iwn_softc *sc, int qid, int idx, uint8_t id, 2710 uint16_t len) 2711 { 2712 uint16_t *w = &sc->sched[qid * IWN5000_SCHED_COUNT + idx]; 2713 2714 *w = htole16(id << 12 | (len + 8)); 2715 bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map, 2716 (char *)(void *)w - (char *)(void *)sc->sched_dma.vaddr, 2717 sizeof (uint16_t), BUS_DMASYNC_PREWRITE); 2718 if (idx < IWN_SCHED_WINSZ) { 2719 *(w + IWN_TX_RING_COUNT) = *w; 2720 bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map, 2721 (char *)(void *)(w + IWN_TX_RING_COUNT) - 2722 (char *)(void *)sc->sched_dma.vaddr, 2723 sizeof (uint16_t), BUS_DMASYNC_PREWRITE); 2724 } 2725 } 2726 2727 #ifdef notyet 2728 static void 2729 iwn5000_reset_sched(struct iwn_softc *sc, int qid, int idx) 2730 { 2731 uint16_t *w = &sc->sched[qid * IWN5000_SCHED_COUNT + idx]; 2732 2733 *w = (*w & htole16(0xf000)) | htole16(1); 2734 bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map, 2735 (char *)(void *)w - (char *)(void *)sc->sched_dma.vaddr, 2736 sizeof (uint16_t), BUS_DMASYNC_PREWRITE); 2737 if (idx < IWN_SCHED_WINSZ) { 2738 *(w + IWN_TX_RING_COUNT) = *w; 2739 bus_dmamap_sync(sc->sc_dmat, sc->sched_dma.map, 2740 (char *)(void *)(w + IWN_TX_RING_COUNT) - 2741 (char *)(void *)sc->sched_dma.vaddr, 2742 sizeof (uint16_t), BUS_DMASYNC_PREWRITE); 2743 } 2744 } 2745 #endif 2746 2747 static int 2748 iwn_tx(struct iwn_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac) 2749 { 2750 const struct iwn_hal *hal = sc->sc_hal; 2751 struct ieee80211com *ic = &sc->sc_ic; 2752 struct iwn_node *wn = (void *)ni; 2753 struct iwn_tx_ring *ring; 2754 struct iwn_tx_desc *desc; 2755 struct iwn_tx_data *data; 2756 struct iwn_tx_cmd *cmd; 2757 struct iwn_cmd_data *tx; 2758 const struct iwn_rate *rinfo; 2759 struct ieee80211_frame *wh; 2760 struct ieee80211_key *k = NULL; 2761 struct mbuf *m1; 2762 uint32_t flags; 2763 u_int hdrlen; 2764 bus_dma_segment_t *seg; 2765 uint8_t tid, ridx, txant, type; 2766 int i, totlen, error, pad; 2767 2768 const struct chanAccParams *cap; 2769 int noack; 2770 int hdrlen2; 2771 2772 wh = mtod(m, struct ieee80211_frame *); 2773 hdrlen = ieee80211_anyhdrsize(wh); 2774 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2775 2776 hdrlen2 = (IEEE80211_QOS_HAS_SEQ(wh)) ? 2777 sizeof (struct ieee80211_qosframe) : 2778 sizeof (struct ieee80211_frame); 2779 2780 if (hdrlen != hdrlen2) 2781 aprint_error_dev(sc->sc_dev, "hdrlen error (%d != %d)\n", 2782 hdrlen, hdrlen2); 2783 2784 /* XXX OpenBSD sets a different tid when using QOS */ 2785 tid = 0; 2786 if (IEEE80211_QOS_HAS_SEQ(wh)) { 2787 cap = &ic->ic_wme.wme_chanParams; 2788 noack = cap->cap_wmeParams[ac].wmep_noackPolicy; 2789 } 2790 else 2791 noack = 0; 2792 2793 ring = &sc->txq[ac]; 2794 desc = &ring->desc[ring->cur]; 2795 data = &ring->data[ring->cur]; 2796 2797 /* Choose a TX rate index. */ 2798 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 2799 type != IEEE80211_FC0_TYPE_DATA) { 2800 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2801 IWN_RIDX_OFDM6 : IWN_RIDX_CCK1; 2802 } else if (ic->ic_fixed_rate != -1) { 2803 ridx = sc->fixed_ridx; 2804 } else 2805 ridx = wn->ridx[ni->ni_txrate]; 2806 rinfo = &iwn_rates[ridx]; 2807 2808 /* Encrypt the frame if need be. */ 2809 /* 2810 * XXX For now, NetBSD swaps the encryption and bpf sections 2811 * in order to match old code and other drivers. Tests with 2812 * tcpdump indicates that the order is irrelevant, however, 2813 * as bpf produces unencrypted data for both ordering choices. 2814 */ 2815 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2816 k = ieee80211_crypto_encap(ic, ni, m); 2817 if (k == NULL) { 2818 m_freem(m); 2819 return ENOBUFS; 2820 } 2821 /* Packet header may have moved, reset our local pointer. */ 2822 wh = mtod(m, struct ieee80211_frame *); 2823 } 2824 totlen = m->m_pkthdr.len; 2825 2826 if (sc->sc_drvbpf != NULL) { 2827 struct iwn_tx_radiotap_header *tap = &sc->sc_txtap; 2828 2829 tap->wt_flags = 0; 2830 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq); 2831 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags); 2832 tap->wt_rate = rinfo->rate; 2833 tap->wt_hwqueue = ac; 2834 if (wh->i_fc[1] & IEEE80211_FC1_WEP) 2835 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; 2836 2837 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m); 2838 } 2839 2840 /* Prepare TX firmware command. */ 2841 cmd = &ring->cmd[ring->cur]; 2842 cmd->code = IWN_CMD_TX_DATA; 2843 cmd->flags = 0; 2844 cmd->qid = ring->qid; 2845 cmd->idx = ring->cur; 2846 2847 tx = (struct iwn_cmd_data *)cmd->data; 2848 /* NB: No need to clear tx, all fields are reinitialized here. */ 2849 tx->scratch = 0; /* clear "scratch" area */ 2850 2851 flags = 0; 2852 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 2853 /* Unicast frame, check if an ACK is expected. */ 2854 if (!noack) 2855 flags |= IWN_TX_NEED_ACK; 2856 } 2857 2858 #ifdef notyet 2859 /* XXX NetBSD does not define IEEE80211_FC0_SUBTYPE_BAR */ 2860 if ((wh->i_fc[0] & 2861 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 2862 (IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_BAR)) 2863 flags |= IWN_TX_IMM_BA; /* Cannot happen yet. */ 2864 #endif 2865 2866 if (wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG) 2867 flags |= IWN_TX_MORE_FRAG; /* Cannot happen yet. */ 2868 2869 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */ 2870 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 2871 /* NB: Group frames are sent using CCK in 802.11b/g. */ 2872 if (totlen + IEEE80211_CRC_LEN > ic->ic_rtsthreshold) { 2873 flags |= IWN_TX_NEED_RTS; 2874 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) && 2875 ridx >= IWN_RIDX_OFDM6) { 2876 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 2877 flags |= IWN_TX_NEED_CTS; 2878 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 2879 flags |= IWN_TX_NEED_RTS; 2880 } 2881 if (flags & (IWN_TX_NEED_RTS | IWN_TX_NEED_CTS)) { 2882 if (sc->hw_type != IWN_HW_REV_TYPE_4965) { 2883 /* 5000 autoselects RTS/CTS or CTS-to-self. */ 2884 flags &= ~(IWN_TX_NEED_RTS | IWN_TX_NEED_CTS); 2885 flags |= IWN_TX_NEED_PROTECTION; 2886 } else 2887 flags |= IWN_TX_FULL_TXOP; 2888 } 2889 } 2890 2891 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 2892 type != IEEE80211_FC0_TYPE_DATA) 2893 tx->id = hal->broadcast_id; 2894 else 2895 tx->id = wn->id; 2896 2897 if (type == IEEE80211_FC0_TYPE_MGT) { 2898 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2899 2900 #ifndef IEEE80211_STA_ONLY 2901 /* Tell HW to set timestamp in probe responses. */ 2902 /* XXX NetBSD rev 1.11 added probe requests here but */ 2903 /* probe requests do not take timestamps (from Bergamini). */ 2904 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 2905 flags |= IWN_TX_INSERT_TSTAMP; 2906 #endif 2907 /* XXX NetBSD rev 1.11 and 1.20 added AUTH/DAUTH and RTS/CTS */ 2908 /* changes here. These are not needed (from Bergamini). */ 2909 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ || 2910 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) 2911 tx->timeout = htole16(3); 2912 else 2913 tx->timeout = htole16(2); 2914 } else 2915 tx->timeout = htole16(0); 2916 2917 if (hdrlen & 3) { 2918 /* First segment's length must be a multiple of 4. */ 2919 flags |= IWN_TX_NEED_PADDING; 2920 pad = 4 - (hdrlen & 3); 2921 } else 2922 pad = 0; 2923 2924 tx->len = htole16(totlen); 2925 tx->tid = tid; 2926 tx->rts_ntries = 60; 2927 tx->data_ntries = 15; 2928 tx->lifetime = htole32(IWN_LIFETIME_INFINITE); 2929 tx->plcp = rinfo->plcp; 2930 tx->rflags = rinfo->flags; 2931 if (tx->id == hal->broadcast_id) { 2932 /* Group or management frame. */ 2933 tx->linkq = 0; 2934 /* XXX Alternate between antenna A and B? */ 2935 txant = IWN_LSB(sc->txchainmask); 2936 tx->rflags |= IWN_RFLAG_ANT(txant); 2937 } else { 2938 tx->linkq = ni->ni_rates.rs_nrates - ni->ni_txrate - 1; 2939 flags |= IWN_TX_LINKQ; /* enable MRR */ 2940 } 2941 /* Set physical address of "scratch area". */ 2942 tx->loaddr = htole32(IWN_LOADDR(data->scratch_paddr)); 2943 tx->hiaddr = IWN_HIADDR(data->scratch_paddr); 2944 2945 /* Copy 802.11 header in TX command. */ 2946 /* XXX NetBSD changed this in rev 1.20 */ 2947 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen); 2948 2949 /* Trim 802.11 header. */ 2950 m_adj(m, hdrlen); 2951 tx->security = 0; 2952 tx->flags = htole32(flags); 2953 2954 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 2955 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 2956 if (error != 0) { 2957 if (error != EFBIG) { 2958 aprint_error_dev(sc->sc_dev, 2959 "can't map mbuf (error %d)\n", error); 2960 m_freem(m); 2961 return error; 2962 } 2963 /* Too many DMA segments, linearize mbuf. */ 2964 MGETHDR(m1, M_DONTWAIT, MT_DATA); 2965 if (m1 == NULL) { 2966 m_freem(m); 2967 return ENOBUFS; 2968 } 2969 if (m->m_pkthdr.len > MHLEN) { 2970 MCLGET(m1, M_DONTWAIT); 2971 if (!(m1->m_flags & M_EXT)) { 2972 m_freem(m); 2973 m_freem(m1); 2974 return ENOBUFS; 2975 } 2976 } 2977 m_copydata(m, 0, m->m_pkthdr.len, mtod(m1, void *)); 2978 m1->m_pkthdr.len = m1->m_len = m->m_pkthdr.len; 2979 m_freem(m); 2980 m = m1; 2981 2982 error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m, 2983 BUS_DMA_NOWAIT | BUS_DMA_WRITE); 2984 if (error != 0) { 2985 aprint_error_dev(sc->sc_dev, 2986 "can't map mbuf (error %d)\n", error); 2987 m_freem(m); 2988 return error; 2989 } 2990 } 2991 2992 data->m = m; 2993 data->ni = ni; 2994 2995 DPRINTFN(4, ("sending data: qid=%d idx=%d len=%d nsegs=%d\n", 2996 ring->qid, ring->cur, m->m_pkthdr.len, data->map->dm_nsegs)); 2997 2998 /* Fill TX descriptor. */ 2999 desc->nsegs = 1 + data->map->dm_nsegs; 3000 /* First DMA segment is used by the TX command. */ 3001 desc->segs[0].addr = htole32(IWN_LOADDR(data->cmd_paddr)); 3002 desc->segs[0].len = htole16(IWN_HIADDR(data->cmd_paddr) | 3003 (4 + sizeof (*tx) + hdrlen + pad) << 4); 3004 /* Other DMA segments are for data payload. */ 3005 seg = data->map->dm_segs; 3006 for (i = 1; i <= data->map->dm_nsegs; i++) { 3007 desc->segs[i].addr = htole32(IWN_LOADDR(seg->ds_addr)); 3008 desc->segs[i].len = htole16(IWN_HIADDR(seg->ds_addr) | 3009 seg->ds_len << 4); 3010 seg++; 3011 } 3012 3013 bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize, 3014 BUS_DMASYNC_PREWRITE); 3015 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 3016 (char *)(void *)cmd - (char *)(void *)ring->cmd_dma.vaddr, 3017 sizeof (*cmd), BUS_DMASYNC_PREWRITE); 3018 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 3019 (char *)(void *)desc - (char *)(void *)ring->desc_dma.vaddr, 3020 sizeof (*desc), BUS_DMASYNC_PREWRITE); 3021 3022 #ifdef notyet 3023 /* Update TX scheduler. */ 3024 hal->update_sched(sc, ring->qid, ring->cur, tx->id, totlen); 3025 #endif 3026 3027 /* Kick TX ring. */ 3028 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 3029 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 3030 3031 /* Mark TX ring as full if we reach a certain threshold. */ 3032 if (++ring->queued > IWN_TX_RING_HIMARK) 3033 sc->qfullmsk |= 1 << ring->qid; 3034 3035 return 0; 3036 } 3037 3038 static void 3039 iwn_start(struct ifnet *ifp) 3040 { 3041 struct iwn_softc *sc = ifp->if_softc; 3042 struct ieee80211com *ic = &sc->sc_ic; 3043 struct ieee80211_node *ni; 3044 struct ether_header *eh; 3045 struct mbuf *m; 3046 int ac; 3047 3048 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 3049 return; 3050 3051 for (;;) { 3052 if (sc->qfullmsk != 0) { 3053 ifp->if_flags |= IFF_OACTIVE; 3054 break; 3055 } 3056 /* Send pending management frames first. */ 3057 IF_DEQUEUE(&ic->ic_mgtq, m); 3058 if (m != NULL) { 3059 ni = (void *)m->m_pkthdr.rcvif; 3060 ac = 0; 3061 goto sendit; 3062 } 3063 if (ic->ic_state != IEEE80211_S_RUN) 3064 break; 3065 3066 /* Encapsulate and send data frames. */ 3067 IFQ_DEQUEUE(&ifp->if_snd, m); 3068 if (m == NULL) 3069 break; 3070 if (m->m_len < sizeof (*eh) && 3071 (m = m_pullup(m, sizeof (*eh))) == NULL) { 3072 ifp->if_oerrors++; 3073 continue; 3074 } 3075 eh = mtod(m, struct ether_header *); 3076 ni = ieee80211_find_txnode(ic, eh->ether_dhost); 3077 if (ni == NULL) { 3078 m_freem(m); 3079 ifp->if_oerrors++; 3080 continue; 3081 } 3082 /* classify mbuf so we can find which tx ring to use */ 3083 if (ieee80211_classify(ic, m, ni) != 0) { 3084 m_freem(m); 3085 ieee80211_free_node(ni); 3086 ifp->if_oerrors++; 3087 continue; 3088 } 3089 3090 /* No QoS encapsulation for EAPOL frames. */ 3091 ac = (eh->ether_type != htons(ETHERTYPE_PAE)) ? 3092 M_WME_GETAC(m) : WME_AC_BE; 3093 3094 bpf_mtap(ifp, m); 3095 3096 if ((m = ieee80211_encap(ic, m, ni)) == NULL) { 3097 ieee80211_free_node(ni); 3098 ifp->if_oerrors++; 3099 continue; 3100 } 3101 sendit: 3102 bpf_mtap3(ic->ic_rawbpf, m); 3103 3104 if (iwn_tx(sc, m, ni, ac) != 0) { 3105 ieee80211_free_node(ni); 3106 ifp->if_oerrors++; 3107 continue; 3108 } 3109 3110 sc->sc_tx_timer = 5; 3111 ifp->if_timer = 1; 3112 } 3113 } 3114 3115 static void 3116 iwn_watchdog(struct ifnet *ifp) 3117 { 3118 struct iwn_softc *sc = ifp->if_softc; 3119 3120 ifp->if_timer = 0; 3121 3122 if (sc->sc_tx_timer > 0) { 3123 if (--sc->sc_tx_timer == 0) { 3124 aprint_error_dev(sc->sc_dev, 3125 "device timeout\n"); 3126 ifp->if_flags &= ~IFF_UP; 3127 iwn_stop(ifp, 1); 3128 ifp->if_oerrors++; 3129 return; 3130 } 3131 ifp->if_timer = 1; 3132 } 3133 3134 ieee80211_watchdog(&sc->sc_ic); 3135 } 3136 3137 static int 3138 iwn_ioctl(struct ifnet *ifp, u_long cmd, void *data) 3139 { 3140 struct iwn_softc *sc = ifp->if_softc; 3141 struct ieee80211com *ic = &sc->sc_ic; 3142 struct ifaddr *ifa; 3143 const struct sockaddr *sa; 3144 int s, error = 0; 3145 3146 s = splnet(); 3147 3148 switch (cmd) { 3149 case SIOCSIFADDR: 3150 ifa = (struct ifaddr *)data; 3151 ifp->if_flags |= IFF_UP; 3152 #ifdef INET 3153 if (ifa->ifa_addr->sa_family == AF_INET) 3154 arp_ifinit(&ic->ic_ac, ifa); 3155 #endif 3156 /* FALLTHROUGH */ 3157 case SIOCSIFFLAGS: 3158 /* XXX Added as it is in every NetBSD driver */ 3159 if ((error = ifioctl_common(ifp, cmd, data)) != 0) 3160 break; 3161 if (ifp->if_flags & IFF_UP) { 3162 if (!(ifp->if_flags & IFF_RUNNING)) 3163 error = iwn_init(ifp); 3164 } else { 3165 if (ifp->if_flags & IFF_RUNNING) 3166 iwn_stop(ifp, 1); 3167 } 3168 break; 3169 3170 case SIOCADDMULTI: 3171 case SIOCDELMULTI: 3172 sa = ifreq_getaddr(SIOCADDMULTI, (struct ifreq *)data); 3173 error = (cmd == SIOCADDMULTI) ? 3174 ether_addmulti(sa, &sc->sc_ec) : 3175 ether_delmulti(sa, &sc->sc_ec); 3176 3177 if (error == ENETRESET) 3178 error = 0; 3179 break; 3180 3181 default: 3182 error = ieee80211_ioctl(ic, cmd, data); 3183 } 3184 3185 if (error == ENETRESET) { 3186 error = 0; 3187 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 3188 (IFF_UP | IFF_RUNNING)) { 3189 iwn_stop(ifp, 0); 3190 error = iwn_init(ifp); 3191 } 3192 } 3193 splx(s); 3194 return error; 3195 } 3196 3197 /* 3198 * Send a command to the firmware. 3199 */ 3200 static int 3201 iwn_cmd(struct iwn_softc *sc, int code, const void *buf, int size, int async) 3202 { 3203 struct iwn_tx_ring *ring = &sc->txq[4]; 3204 struct iwn_tx_desc *desc; 3205 struct iwn_tx_data *data; 3206 struct iwn_tx_cmd *cmd; 3207 struct mbuf *m; 3208 bus_addr_t paddr; 3209 int totlen, error; 3210 3211 desc = &ring->desc[ring->cur]; 3212 data = &ring->data[ring->cur]; 3213 totlen = 4 + size; 3214 3215 if (size > sizeof cmd->data) { 3216 /* Command is too large to fit in a descriptor. */ 3217 if (totlen > MCLBYTES) 3218 return EINVAL; 3219 MGETHDR(m, M_DONTWAIT, MT_DATA); 3220 if (m == NULL) 3221 return ENOMEM; 3222 if (totlen > MHLEN) { 3223 MCLGET(m, M_DONTWAIT); 3224 if (!(m->m_flags & M_EXT)) { 3225 m_freem(m); 3226 return ENOMEM; 3227 } 3228 } 3229 cmd = mtod(m, struct iwn_tx_cmd *); 3230 error = bus_dmamap_load(sc->sc_dmat, data->map, cmd, totlen, 3231 NULL, BUS_DMA_NOWAIT | BUS_DMA_WRITE); 3232 if (error != 0) { 3233 m_freem(m); 3234 return error; 3235 } 3236 data->m = m; 3237 paddr = data->map->dm_segs[0].ds_addr; 3238 } else { 3239 cmd = &ring->cmd[ring->cur]; 3240 paddr = data->cmd_paddr; 3241 } 3242 3243 cmd->code = code; 3244 cmd->flags = 0; 3245 cmd->qid = ring->qid; 3246 cmd->idx = ring->cur; 3247 memcpy(cmd->data, buf, size); 3248 3249 desc->nsegs = 1; 3250 desc->segs[0].addr = htole32(IWN_LOADDR(paddr)); 3251 desc->segs[0].len = htole16(IWN_HIADDR(paddr) | totlen << 4); 3252 3253 if (size > sizeof cmd->data) { 3254 bus_dmamap_sync(sc->sc_dmat, data->map, 0, totlen, 3255 BUS_DMASYNC_PREWRITE); 3256 } else { 3257 bus_dmamap_sync(sc->sc_dmat, ring->cmd_dma.map, 3258 (char *)(void *)cmd - (char *)(void *)ring->cmd_dma.vaddr, 3259 totlen, BUS_DMASYNC_PREWRITE); 3260 } 3261 bus_dmamap_sync(sc->sc_dmat, ring->desc_dma.map, 3262 (char *)(void *)desc - (char *)(void *)ring->desc_dma.vaddr, 3263 sizeof (*desc), BUS_DMASYNC_PREWRITE); 3264 3265 #ifdef notyet 3266 /* Update TX scheduler. */ 3267 sc->sc_hal->update_sched(sc, ring->qid, ring->cur, 0, 0); 3268 #endif 3269 DPRINTFN(4, ("iwn_cmd %d size=%d %s\n", code, size, async ? " (async)" : "")); 3270 3271 /* Kick command ring. */ 3272 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT; 3273 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur); 3274 3275 return async ? 0 : tsleep(desc, PCATCH, "iwncmd", hz); 3276 } 3277 3278 static int 3279 iwn4965_add_node(struct iwn_softc *sc, struct iwn_node_info *node, int async) 3280 { 3281 struct iwn4965_node_info hnode; 3282 char *src, *dst; 3283 3284 /* 3285 * We use the node structure for 5000 Series internally (it is 3286 * a superset of the one for 4965AGN). We thus copy the common 3287 * fields before sending the command. 3288 */ 3289 src = (char *)node; 3290 dst = (char *)&hnode; 3291 memcpy(dst, src, 48); 3292 /* Skip TSC, RX MIC and TX MIC fields from ``src''. */ 3293 memcpy(dst + 48, src + 72, 20); 3294 return iwn_cmd(sc, IWN_CMD_ADD_NODE, &hnode, sizeof hnode, async); 3295 } 3296 3297 static int 3298 iwn5000_add_node(struct iwn_softc *sc, struct iwn_node_info *node, int async) 3299 { 3300 /* Direct mapping. */ 3301 return iwn_cmd(sc, IWN_CMD_ADD_NODE, node, sizeof (*node), async); 3302 } 3303 3304 static int 3305 iwn_set_link_quality(struct iwn_softc *sc, struct ieee80211_node *ni) 3306 { 3307 struct iwn_node *wn = (void *)ni; 3308 struct ieee80211_rateset *rs = &ni->ni_rates; 3309 struct iwn_cmd_link_quality linkq; 3310 const struct iwn_rate *rinfo; 3311 uint8_t txant; 3312 int i, txrate; 3313 3314 /* Use the first valid TX antenna. */ 3315 txant = IWN_LSB(sc->txchainmask); 3316 3317 memset(&linkq, 0, sizeof linkq); 3318 linkq.id = wn->id; 3319 linkq.antmsk_1stream = txant; 3320 linkq.antmsk_2stream = IWN_ANT_AB; 3321 linkq.ampdu_max = 31; 3322 linkq.ampdu_threshold = 3; 3323 linkq.ampdu_limit = htole16(4000); /* 4ms */ 3324 3325 /* Start at highest available bit-rate. */ 3326 txrate = rs->rs_nrates - 1; 3327 for (i = 0; i < IWN_MAX_TX_RETRIES; i++) { 3328 rinfo = &iwn_rates[wn->ridx[txrate]]; 3329 linkq.retry[i].plcp = rinfo->plcp; 3330 linkq.retry[i].rflags = rinfo->flags; 3331 linkq.retry[i].rflags |= IWN_RFLAG_ANT(txant); 3332 /* Next retry at immediate lower bit-rate. */ 3333 if (txrate > 0) 3334 txrate--; 3335 } 3336 return iwn_cmd(sc, IWN_CMD_LINK_QUALITY, &linkq, sizeof linkq, 1); 3337 } 3338 3339 /* 3340 * Broadcast node is used to send group-addressed and management frames. 3341 */ 3342 static int 3343 iwn_add_broadcast_node(struct iwn_softc *sc, int async) 3344 { 3345 const struct iwn_hal *hal = sc->sc_hal; 3346 struct iwn_node_info node; 3347 struct iwn_cmd_link_quality linkq; 3348 const struct iwn_rate *rinfo; 3349 uint8_t txant; 3350 int i, error; 3351 3352 memset(&node, 0, sizeof node); 3353 IEEE80211_ADDR_COPY(node.macaddr, etherbroadcastaddr); 3354 node.id = hal->broadcast_id; 3355 DPRINTF(("adding broadcast node\n")); 3356 if ((error = hal->add_node(sc, &node, async)) != 0) 3357 return error; 3358 3359 /* Use the first valid TX antenna. */ 3360 txant = IWN_LSB(sc->txchainmask); 3361 3362 memset(&linkq, 0, sizeof linkq); 3363 linkq.id = hal->broadcast_id; 3364 linkq.antmsk_1stream = txant; 3365 linkq.antmsk_2stream = IWN_ANT_AB; 3366 linkq.ampdu_max = 64; 3367 linkq.ampdu_threshold = 3; 3368 linkq.ampdu_limit = htole16(4000); /* 4ms */ 3369 3370 /* Use lowest mandatory bit-rate. */ 3371 rinfo = (sc->sc_ic.ic_curmode != IEEE80211_MODE_11A) ? 3372 &iwn_rates[IWN_RIDX_CCK1] : &iwn_rates[IWN_RIDX_OFDM6]; 3373 linkq.retry[0].plcp = rinfo->plcp; 3374 linkq.retry[0].rflags = rinfo->flags; 3375 linkq.retry[0].rflags |= IWN_RFLAG_ANT(txant); 3376 /* Use same bit-rate for all TX retries. */ 3377 for (i = 1; i < IWN_MAX_TX_RETRIES; i++) { 3378 linkq.retry[i].plcp = linkq.retry[0].plcp; 3379 linkq.retry[i].rflags = linkq.retry[0].rflags; 3380 } 3381 return iwn_cmd(sc, IWN_CMD_LINK_QUALITY, &linkq, sizeof linkq, async); 3382 } 3383 3384 static void 3385 iwn_set_led(struct iwn_softc *sc, uint8_t which, uint8_t off, uint8_t on) 3386 { 3387 struct iwn_cmd_led led; 3388 3389 /* Clear microcode LED ownership. */ 3390 IWN_CLRBITS(sc, IWN_LED, IWN_LED_BSM_CTRL); 3391 3392 led.which = which; 3393 led.unit = htole32(10000); /* on/off in unit of 100ms */ 3394 led.off = off; 3395 led.on = on; 3396 (void)iwn_cmd(sc, IWN_CMD_SET_LED, &led, sizeof led, 1); 3397 } 3398 3399 /* 3400 * Set the critical temperature at which the firmware will stop the radio 3401 * and notify us. 3402 */ 3403 static int 3404 iwn_set_critical_temp(struct iwn_softc *sc) 3405 { 3406 struct iwn_critical_temp crit; 3407 int32_t temp; 3408 3409 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_CTEMP_STOP_RF); 3410 3411 if (sc->hw_type == IWN_HW_REV_TYPE_5150) 3412 temp = (IWN_CTOK(110) - sc->temp_off) * -5; 3413 else if (sc->hw_type == IWN_HW_REV_TYPE_4965) 3414 temp = IWN_CTOK(110); 3415 else 3416 temp = 110; 3417 memset(&crit, 0, sizeof crit); 3418 crit.tempR = htole32(temp); 3419 DPRINTF(("setting critical temperature to %d\n", temp)); 3420 return iwn_cmd(sc, IWN_CMD_SET_CRITICAL_TEMP, &crit, sizeof crit, 0); 3421 } 3422 3423 static int 3424 iwn_set_timing(struct iwn_softc *sc, struct ieee80211_node *ni) 3425 { 3426 struct iwn_cmd_timing cmd; 3427 uint64_t val, mod; 3428 3429 memset(&cmd, 0, sizeof cmd); 3430 memcpy(&cmd.tstamp, ni->ni_tstamp.data, sizeof (uint64_t)); 3431 cmd.bintval = htole16(ni->ni_intval); 3432 cmd.lintval = htole16(10); 3433 3434 /* Compute remaining time until next beacon. */ 3435 val = (uint64_t)ni->ni_intval * 1024; /* msecs -> usecs */ 3436 mod = le64toh(cmd.tstamp) % val; 3437 cmd.binitval = htole32((uint32_t)(val - mod)); 3438 3439 DPRINTF(("timing bintval=%u, tstamp=%zu, init=%u\n", 3440 ni->ni_intval, le64toh(cmd.tstamp), (uint32_t)(val - mod))); 3441 3442 return iwn_cmd(sc, IWN_CMD_TIMING, &cmd, sizeof cmd, 1); 3443 } 3444 3445 static void 3446 iwn4965_power_calibration(struct iwn_softc *sc, int temp) 3447 { 3448 /* Adjust TX power if need be (delta >= 3 degC.) */ 3449 DPRINTF(("temperature %d->%d\n", sc->temp, temp)); 3450 if (abs(temp - sc->temp) >= 3) { 3451 /* Record temperature of last calibration. */ 3452 sc->temp = temp; 3453 (void)iwn4965_set_txpower(sc, 1); 3454 } 3455 } 3456 3457 /* 3458 * Set TX power for current channel (each rate has its own power settings). 3459 * This function takes into account the regulatory information from EEPROM, 3460 * the current temperature and the current voltage. 3461 */ 3462 static int 3463 iwn4965_set_txpower(struct iwn_softc *sc, int async) 3464 { 3465 /* Fixed-point arithmetic division using a n-bit fractional part. */ 3466 #define fdivround(a, b, n) \ 3467 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n)) 3468 /* Linear interpolation. */ 3469 #define interpolate(x, x1, y1, x2, y2, n) \ 3470 ((y1) + fdivround(((int)(x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n)) 3471 3472 static const int tdiv[IWN_NATTEN_GROUPS] = { 9, 8, 8, 8, 6 }; 3473 struct ieee80211com *ic = &sc->sc_ic; 3474 struct iwn_ucode_info *uc = &sc->ucode_info; 3475 struct ieee80211_channel *ch; 3476 struct iwn4965_cmd_txpower cmd; 3477 struct iwn4965_eeprom_chan_samples *chans; 3478 const uint8_t *rf_gain, *dsp_gain; 3479 int32_t vdiff, tdiff; 3480 int i, c, grp, maxpwr; 3481 uint8_t chan; 3482 3483 /* Retrieve current channel from last RXON. */ 3484 chan = sc->rxon.chan; 3485 DPRINTF(("setting TX power for channel %d\n", chan)); 3486 ch = &ic->ic_channels[chan]; 3487 3488 memset(&cmd, 0, sizeof cmd); 3489 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1; 3490 cmd.chan = chan; 3491 3492 if (IEEE80211_IS_CHAN_5GHZ(ch)) { 3493 maxpwr = sc->maxpwr5GHz; 3494 rf_gain = iwn4965_rf_gain_5ghz; 3495 dsp_gain = iwn4965_dsp_gain_5ghz; 3496 } else { 3497 maxpwr = sc->maxpwr2GHz; 3498 rf_gain = iwn4965_rf_gain_2ghz; 3499 dsp_gain = iwn4965_dsp_gain_2ghz; 3500 } 3501 3502 /* Compute voltage compensation. */ 3503 vdiff = ((int32_t)le32toh(uc->volt) - sc->eeprom_voltage) / 7; 3504 if (vdiff > 0) 3505 vdiff *= 2; 3506 if (abs(vdiff) > 2) 3507 vdiff = 0; 3508 DPRINTF(("voltage compensation=%d (UCODE=%d, EEPROM=%d)\n", 3509 vdiff, le32toh(uc->volt), sc->eeprom_voltage)); 3510 3511 /* Get channel attenuation group. */ 3512 if (chan <= 20) /* 1-20 */ 3513 grp = 4; 3514 else if (chan <= 43) /* 34-43 */ 3515 grp = 0; 3516 else if (chan <= 70) /* 44-70 */ 3517 grp = 1; 3518 else if (chan <= 124) /* 71-124 */ 3519 grp = 2; 3520 else /* 125-200 */ 3521 grp = 3; 3522 DPRINTF(("chan %d, attenuation group=%d\n", chan, grp)); 3523 3524 /* Get channel sub-band. */ 3525 for (i = 0; i < IWN_NBANDS; i++) 3526 if (sc->bands[i].lo != 0 && 3527 sc->bands[i].lo <= chan && chan <= sc->bands[i].hi) 3528 break; 3529 if (i == IWN_NBANDS) /* Can't happen in real-life. */ 3530 return EINVAL; 3531 chans = sc->bands[i].chans; 3532 DPRINTF(("chan %d sub-band=%d\n", chan, i)); 3533 3534 for (c = 0; c < 2; c++) { 3535 uint8_t power, gain, temp; 3536 int maxchpwr, pwr, ridx, idx; 3537 3538 power = interpolate(chan, 3539 chans[0].num, chans[0].samples[c][1].power, 3540 chans[1].num, chans[1].samples[c][1].power, 1); 3541 gain = interpolate(chan, 3542 chans[0].num, chans[0].samples[c][1].gain, 3543 chans[1].num, chans[1].samples[c][1].gain, 1); 3544 temp = interpolate(chan, 3545 chans[0].num, chans[0].samples[c][1].temp, 3546 chans[1].num, chans[1].samples[c][1].temp, 1); 3547 DPRINTF(("TX chain %d: power=%d gain=%d temp=%d\n", 3548 c, power, gain, temp)); 3549 3550 /* Compute temperature compensation. */ 3551 tdiff = ((sc->temp - temp) * 2) / tdiv[grp]; 3552 DPRINTF(("temperature compensation=%d (current=%d, " 3553 "EEPROM=%d)\n", tdiff, sc->temp, temp)); 3554 3555 for (ridx = 0; ridx <= IWN_RIDX_MAX; ridx++) { 3556 /* Convert dBm to half-dBm. */ 3557 maxchpwr = sc->maxpwr[chan] * 2; 3558 if ((ridx / 8) & 1) 3559 maxchpwr -= 6; /* MIMO 2T: -3dB */ 3560 3561 pwr = maxpwr; 3562 3563 /* Adjust TX power based on rate. */ 3564 if ((ridx % 8) == 5) 3565 pwr -= 15; /* OFDM48: -7.5dB */ 3566 else if ((ridx % 8) == 6) 3567 pwr -= 17; /* OFDM54: -8.5dB */ 3568 else if ((ridx % 8) == 7) 3569 pwr -= 20; /* OFDM60: -10dB */ 3570 else 3571 pwr -= 10; /* Others: -5dB */ 3572 3573 /* Do not exceed channel max TX power. */ 3574 if (pwr > maxchpwr) 3575 pwr = maxchpwr; 3576 3577 idx = gain - (pwr - power) - tdiff - vdiff; 3578 if ((ridx / 8) & 1) /* MIMO */ 3579 idx += (int32_t)le32toh(uc->atten[grp][c]); 3580 3581 if (cmd.band == 0) 3582 idx += 9; /* 5GHz */ 3583 if (ridx == IWN_RIDX_MAX) 3584 idx += 5; /* CCK */ 3585 3586 /* Make sure idx stays in a valid range. */ 3587 if (idx < 0) 3588 idx = 0; 3589 else if (idx > IWN4965_MAX_PWR_INDEX) 3590 idx = IWN4965_MAX_PWR_INDEX; 3591 3592 DPRINTF(("TX chain %d, rate idx %d: power=%d\n", 3593 c, ridx, idx)); 3594 cmd.power[ridx].rf_gain[c] = rf_gain[idx]; 3595 cmd.power[ridx].dsp_gain[c] = dsp_gain[idx]; 3596 } 3597 } 3598 3599 DPRINTF(("setting TX power for chan %d\n", chan)); 3600 return iwn_cmd(sc, IWN_CMD_TXPOWER, &cmd, sizeof cmd, async); 3601 3602 #undef interpolate 3603 #undef fdivround 3604 } 3605 3606 static int 3607 iwn5000_set_txpower(struct iwn_softc *sc, int async) 3608 { 3609 struct iwn5000_cmd_txpower cmd; 3610 3611 /* 3612 * TX power calibration is handled automatically by the firmware 3613 * for 5000 Series. 3614 */ 3615 memset(&cmd, 0, sizeof cmd); 3616 cmd.global_limit = 2 * IWN5000_TXPOWER_MAX_DBM; /* 16 dBm */ 3617 cmd.flags = IWN5000_TXPOWER_NO_CLOSED; 3618 cmd.srv_limit = IWN5000_TXPOWER_AUTO; 3619 DPRINTF(("setting TX power\n")); 3620 return iwn_cmd(sc, IWN_CMD_TXPOWER_DBM, &cmd, sizeof cmd, async); 3621 } 3622 3623 /* 3624 * Retrieve the maximum RSSI (in dBm) among receivers. 3625 */ 3626 static int 3627 iwn4965_get_rssi(const struct iwn_rx_stat *stat) 3628 { 3629 const struct iwn4965_rx_phystat *phy = (const void *)stat->phybuf; 3630 uint8_t mask, agc; 3631 int rssi; 3632 3633 mask = (le16toh(phy->antenna) >> 4) & IWN_ANT_ABC; 3634 agc = (le16toh(phy->agc) >> 7) & 0x7f; 3635 3636 rssi = 0; 3637 if (mask & IWN_ANT_A) 3638 rssi = MAX(rssi, phy->rssi[0]); 3639 if (mask & IWN_ANT_B) 3640 rssi = MAX(rssi, phy->rssi[2]); 3641 if (mask & IWN_ANT_C) 3642 rssi = MAX(rssi, phy->rssi[4]); 3643 3644 return rssi - agc - IWN_RSSI_TO_DBM; 3645 } 3646 3647 static int 3648 iwn5000_get_rssi(const struct iwn_rx_stat *stat) 3649 { 3650 const struct iwn5000_rx_phystat *phy = (const void *)stat->phybuf; 3651 uint8_t agc; 3652 int rssi; 3653 3654 agc = (le32toh(phy->agc) >> 9) & 0x7f; 3655 3656 rssi = MAX(le16toh(phy->rssi[0]) & 0xff, 3657 le16toh(phy->rssi[1]) & 0xff); 3658 rssi = MAX(le16toh(phy->rssi[2]) & 0xff, rssi); 3659 3660 return rssi - agc - IWN_RSSI_TO_DBM; 3661 } 3662 3663 /* 3664 * Retrieve the average noise (in dBm) among receivers. 3665 */ 3666 static int 3667 iwn_get_noise(const struct iwn_rx_general_stats *stats) 3668 { 3669 int i, total, nbant, noise; 3670 3671 total = nbant = 0; 3672 for (i = 0; i < 3; i++) { 3673 if ((noise = le32toh(stats->noise[i]) & 0xff) == 0) 3674 continue; 3675 total += noise; 3676 nbant++; 3677 } 3678 /* There should be at least one antenna but check anyway. */ 3679 return (nbant == 0) ? -127 : (total / nbant) - 107; 3680 } 3681 3682 /* 3683 * Compute temperature (in degC) from last received statistics. 3684 */ 3685 static int 3686 iwn4965_get_temperature(struct iwn_softc *sc) 3687 { 3688 struct iwn_ucode_info *uc = &sc->ucode_info; 3689 int32_t r1, r2, r3, r4, temp; 3690 3691 r1 = le32toh(uc->temp[0].chan20MHz); 3692 r2 = le32toh(uc->temp[1].chan20MHz); 3693 r3 = le32toh(uc->temp[2].chan20MHz); 3694 r4 = le32toh(sc->rawtemp); 3695 3696 if (r1 == r3) /* Prevents division by 0 (should not happen.) */ 3697 return 0; 3698 3699 /* Sign-extend 23-bit R4 value to 32-bit. */ 3700 r4 = (r4 << 8) >> 8; 3701 /* Compute temperature in Kelvin. */ 3702 temp = (259 * (r4 - r2)) / (r3 - r1); 3703 temp = (temp * 97) / 100 + 8; 3704 3705 DPRINTF(("temperature %dK/%dC\n", temp, IWN_KTOC(temp))); 3706 return IWN_KTOC(temp); 3707 } 3708 3709 static int 3710 iwn5000_get_temperature(struct iwn_softc *sc) 3711 { 3712 int32_t temp; 3713 3714 /* 3715 * Temperature is not used by the driver for 5000 Series because 3716 * TX power calibration is handled by firmware. We export it to 3717 * users through the sensor framework though. 3718 */ 3719 temp = le32toh(sc->rawtemp); 3720 if (sc->hw_type == IWN_HW_REV_TYPE_5150) { 3721 temp = (temp / -5) + sc->temp_off; 3722 temp = IWN_KTOC(temp); 3723 } 3724 return temp; 3725 } 3726 3727 /* 3728 * Initialize sensitivity calibration state machine. 3729 */ 3730 static int 3731 iwn_init_sensitivity(struct iwn_softc *sc) 3732 { 3733 const struct iwn_hal *hal = sc->sc_hal; 3734 struct iwn_calib_state *calib = &sc->calib; 3735 uint32_t flags; 3736 int error; 3737 3738 /* Reset calibration state machine. */ 3739 memset(calib, 0, sizeof (*calib)); 3740 calib->state = IWN_CALIB_STATE_INIT; 3741 calib->cck_state = IWN_CCK_STATE_HIFA; 3742 /* Set initial correlation values. */ 3743 calib->ofdm_x1 = sc->limits->min_ofdm_x1; 3744 calib->ofdm_mrc_x1 = sc->limits->min_ofdm_mrc_x1; 3745 calib->ofdm_x4 = sc->limits->min_ofdm_x4; 3746 calib->ofdm_mrc_x4 = sc->limits->min_ofdm_mrc_x4; 3747 calib->cck_x4 = 125; 3748 calib->cck_mrc_x4 = sc->limits->min_cck_mrc_x4; 3749 calib->energy_cck = sc->limits->energy_cck; 3750 3751 /* Write initial sensitivity. */ 3752 if ((error = iwn_send_sensitivity(sc)) != 0) 3753 return error; 3754 3755 /* Write initial gains. */ 3756 if ((error = hal->init_gains(sc)) != 0) 3757 return error; 3758 3759 /* Request statistics at each beacon interval. */ 3760 flags = 0; 3761 DPRINTF(("sending request for statistics\n")); 3762 return iwn_cmd(sc, IWN_CMD_GET_STATISTICS, &flags, sizeof flags, 1); 3763 } 3764 3765 /* 3766 * Collect noise and RSSI statistics for the first 20 beacons received 3767 * after association and use them to determine connected antennas and 3768 * to set differential gains. 3769 */ 3770 static void 3771 iwn_collect_noise(struct iwn_softc *sc, 3772 const struct iwn_rx_general_stats *stats) 3773 { 3774 const struct iwn_hal *hal = sc->sc_hal; 3775 struct iwn_calib_state *calib = &sc->calib; 3776 uint32_t val; 3777 int i; 3778 3779 /* Accumulate RSSI and noise for all 3 antennas. */ 3780 for (i = 0; i < 3; i++) { 3781 calib->rssi[i] += le32toh(stats->rssi[i]) & 0xff; 3782 calib->noise[i] += le32toh(stats->noise[i]) & 0xff; 3783 } 3784 /* NB: We update differential gains only once after 20 beacons. */ 3785 if (++calib->nbeacons < 20) 3786 return; 3787 3788 /* Determine highest average RSSI. */ 3789 val = MAX(calib->rssi[0], calib->rssi[1]); 3790 val = MAX(calib->rssi[2], val); 3791 3792 /* Determine which antennas are connected. */ 3793 sc->chainmask = sc->rxchainmask; 3794 for (i = 0; i < 3; i++) 3795 if (val - calib->rssi[i] > 15 * 20) 3796 sc->chainmask &= ~(1 << i); 3797 DPRINTF(("RX chains mask: theoretical=0x%x, actual=0x%x\n", 3798 sc->rxchainmask, sc->chainmask)); 3799 3800 /* If none of the TX antennas are connected, keep at least one. */ 3801 if ((sc->chainmask & sc->txchainmask) == 0) 3802 sc->chainmask |= IWN_LSB(sc->txchainmask); 3803 3804 (void)hal->set_gains(sc); 3805 calib->state = IWN_CALIB_STATE_RUN; 3806 3807 #ifdef notyet 3808 /* XXX Disable RX chains with no antennas connected. */ 3809 sc->rxon.rxchain = htole16(IWN_RXCHAIN_SEL(sc->chainmask)); 3810 (void)iwn_cmd(sc, IWN_CMD_RXON, &sc->rxon, hal->rxonsz, 1); 3811 #endif 3812 3813 /* Enable power-saving mode if requested by user. */ 3814 if (sc->sc_ic.ic_flags & IEEE80211_F_PMGTON) 3815 (void)iwn_set_pslevel(sc, 0, 3, 1); 3816 } 3817 3818 static int 3819 iwn4965_init_gains(struct iwn_softc *sc) 3820 { 3821 struct iwn_phy_calib_gain cmd; 3822 3823 memset(&cmd, 0, sizeof cmd); 3824 cmd.code = IWN4965_PHY_CALIB_DIFF_GAIN; 3825 /* Differential gains initially set to 0 for all 3 antennas. */ 3826 DPRINTF(("setting initial differential gains\n")); 3827 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 1); 3828 } 3829 3830 static int 3831 iwn5000_init_gains(struct iwn_softc *sc) 3832 { 3833 struct iwn_phy_calib cmd; 3834 3835 memset(&cmd, 0, sizeof cmd); 3836 cmd.code = IWN5000_PHY_CALIB_RESET_NOISE_GAIN; 3837 cmd.ngroups = 1; 3838 cmd.isvalid = 1; 3839 DPRINTF(("setting initial differential gains\n")); 3840 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 1); 3841 } 3842 3843 static int 3844 iwn4965_set_gains(struct iwn_softc *sc) 3845 { 3846 struct iwn_calib_state *calib = &sc->calib; 3847 struct iwn_phy_calib_gain cmd; 3848 int i, delta, noise; 3849 3850 /* Get minimal noise among connected antennas. */ 3851 noise = INT_MAX; /* NB: There's at least one antenna. */ 3852 for (i = 0; i < 3; i++) 3853 if (sc->chainmask & (1 << i)) 3854 noise = MIN(calib->noise[i], noise); 3855 3856 memset(&cmd, 0, sizeof cmd); 3857 cmd.code = IWN4965_PHY_CALIB_DIFF_GAIN; 3858 /* Set differential gains for connected antennas. */ 3859 for (i = 0; i < 3; i++) { 3860 if (sc->chainmask & (1 << i)) { 3861 /* Compute attenuation (in unit of 1.5dB). */ 3862 delta = (noise - (int32_t)calib->noise[i]) / 30; 3863 /* NB: delta <= 0 */ 3864 /* Limit to [-4.5dB,0]. */ 3865 cmd.gain[i] = MIN(abs(delta), 3); 3866 if (delta < 0) 3867 cmd.gain[i] |= 1 << 2; /* sign bit */ 3868 } 3869 } 3870 DPRINTF(("setting differential gains Ant A/B/C: %x/%x/%x (%x)\n", 3871 cmd.gain[0], cmd.gain[1], cmd.gain[2], sc->chainmask)); 3872 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 1); 3873 } 3874 3875 static int 3876 iwn5000_set_gains(struct iwn_softc *sc) 3877 { 3878 struct iwn_calib_state *calib = &sc->calib; 3879 struct iwn_phy_calib_gain cmd; 3880 int i, ant, div, delta; 3881 3882 /* We collected 20 beacons and !=6050 need a 1.5 factor. */ 3883 div = (sc->hw_type == IWN_HW_REV_TYPE_6050) ? 20 : 30; 3884 3885 memset(&cmd, 0, sizeof cmd); 3886 cmd.code = IWN5000_PHY_CALIB_NOISE_GAIN; 3887 cmd.ngroups = 1; 3888 cmd.isvalid = 1; 3889 /* Get first available RX antenna as referential. */ 3890 ant = IWN_LSB(sc->rxchainmask); 3891 /* Set differential gains for other antennas. */ 3892 for (i = ant + 1; i < 3; i++) { 3893 if (sc->chainmask & (1 << i)) { 3894 /* The delta is relative to antenna "ant". */ 3895 delta = ((int32_t)calib->noise[ant] - 3896 (int32_t)calib->noise[i]) / div; 3897 /* Limit to [-4.5dB,+4.5dB]. */ 3898 cmd.gain[i - 1] = MIN(abs(delta), 3); 3899 if (delta < 0) 3900 cmd.gain[i - 1] |= 1 << 2; /* sign bit */ 3901 } 3902 } 3903 DPRINTF(("setting differential gains: %x/%x (%x)\n", 3904 cmd.gain[0], cmd.gain[1], sc->chainmask)); 3905 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 1); 3906 } 3907 3908 /* 3909 * Tune RF RX sensitivity based on the number of false alarms detected 3910 * during the last beacon period. 3911 */ 3912 static void 3913 iwn_tune_sensitivity(struct iwn_softc *sc, const struct iwn_rx_stats *stats) 3914 { 3915 #define inc(val, inc, max) \ 3916 if ((val) < (max)) { \ 3917 if ((val) < (max) - (inc)) \ 3918 (val) += (inc); \ 3919 else \ 3920 (val) = (max); \ 3921 needs_update = 1; \ 3922 } 3923 #define dec(val, dec, min) \ 3924 if ((val) > (min)) { \ 3925 if ((val) > (min) + (dec)) \ 3926 (val) -= (dec); \ 3927 else \ 3928 (val) = (min); \ 3929 needs_update = 1; \ 3930 } 3931 3932 const struct iwn_sensitivity_limits *limits = sc->limits; 3933 struct iwn_calib_state *calib = &sc->calib; 3934 uint32_t val, rxena, fa; 3935 uint32_t energy[3], energy_min; 3936 uint8_t noise[3], noise_ref; 3937 int i, needs_update = 0; 3938 3939 /* Check that we've been enabled long enough. */ 3940 if ((rxena = le32toh(stats->general.load)) == 0) 3941 return; 3942 3943 /* Compute number of false alarms since last call for OFDM. */ 3944 fa = le32toh(stats->ofdm.bad_plcp) - calib->bad_plcp_ofdm; 3945 fa += le32toh(stats->ofdm.fa) - calib->fa_ofdm; 3946 fa *= 200 * 1024; /* 200TU */ 3947 3948 /* Save counters values for next call. */ 3949 calib->bad_plcp_ofdm = le32toh(stats->ofdm.bad_plcp); 3950 calib->fa_ofdm = le32toh(stats->ofdm.fa); 3951 3952 if (fa > 50 * rxena) { 3953 /* High false alarm count, decrease sensitivity. */ 3954 DPRINTFN(2, ("OFDM high false alarm count: %u\n", fa)); 3955 inc(calib->ofdm_x1, 1, limits->max_ofdm_x1); 3956 inc(calib->ofdm_mrc_x1, 1, limits->max_ofdm_mrc_x1); 3957 inc(calib->ofdm_x4, 1, limits->max_ofdm_x4); 3958 inc(calib->ofdm_mrc_x4, 1, limits->max_ofdm_mrc_x4); 3959 3960 } else if (fa < 5 * rxena) { 3961 /* Low false alarm count, increase sensitivity. */ 3962 DPRINTFN(2, ("OFDM low false alarm count: %u\n", fa)); 3963 dec(calib->ofdm_x1, 1, limits->min_ofdm_x1); 3964 dec(calib->ofdm_mrc_x1, 1, limits->min_ofdm_mrc_x1); 3965 dec(calib->ofdm_x4, 1, limits->min_ofdm_x4); 3966 dec(calib->ofdm_mrc_x4, 1, limits->min_ofdm_mrc_x4); 3967 } 3968 3969 /* Compute maximum noise among 3 receivers. */ 3970 for (i = 0; i < 3; i++) 3971 noise[i] = (le32toh(stats->general.noise[i]) >> 8) & 0xff; 3972 val = MAX(noise[0], noise[1]); 3973 val = MAX(noise[2], val); 3974 /* Insert it into our samples table. */ 3975 calib->noise_samples[calib->cur_noise_sample] = val; 3976 calib->cur_noise_sample = (calib->cur_noise_sample + 1) % 20; 3977 3978 /* Compute maximum noise among last 20 samples. */ 3979 noise_ref = calib->noise_samples[0]; 3980 for (i = 1; i < 20; i++) 3981 noise_ref = MAX(noise_ref, calib->noise_samples[i]); 3982 3983 /* Compute maximum energy among 3 receivers. */ 3984 for (i = 0; i < 3; i++) 3985 energy[i] = le32toh(stats->general.energy[i]); 3986 val = MIN(energy[0], energy[1]); 3987 val = MIN(energy[2], val); 3988 /* Insert it into our samples table. */ 3989 calib->energy_samples[calib->cur_energy_sample] = val; 3990 calib->cur_energy_sample = (calib->cur_energy_sample + 1) % 10; 3991 3992 /* Compute minimum energy among last 10 samples. */ 3993 energy_min = calib->energy_samples[0]; 3994 for (i = 1; i < 10; i++) 3995 energy_min = MAX(energy_min, calib->energy_samples[i]); 3996 energy_min += 6; 3997 3998 /* Compute number of false alarms since last call for CCK. */ 3999 fa = le32toh(stats->cck.bad_plcp) - calib->bad_plcp_cck; 4000 fa += le32toh(stats->cck.fa) - calib->fa_cck; 4001 fa *= 200 * 1024; /* 200TU */ 4002 4003 /* Save counters values for next call. */ 4004 calib->bad_plcp_cck = le32toh(stats->cck.bad_plcp); 4005 calib->fa_cck = le32toh(stats->cck.fa); 4006 4007 if (fa > 50 * rxena) { 4008 /* High false alarm count, decrease sensitivity. */ 4009 DPRINTFN(2, ("CCK high false alarm count: %u\n", fa)); 4010 calib->cck_state = IWN_CCK_STATE_HIFA; 4011 calib->low_fa = 0; 4012 4013 if (calib->cck_x4 > 160) { 4014 calib->noise_ref = noise_ref; 4015 if (calib->energy_cck > 2) 4016 dec(calib->energy_cck, 2, energy_min); 4017 } 4018 if (calib->cck_x4 < 160) { 4019 calib->cck_x4 = 161; 4020 needs_update = 1; 4021 } else 4022 inc(calib->cck_x4, 3, limits->max_cck_x4); 4023 4024 inc(calib->cck_mrc_x4, 3, limits->max_cck_mrc_x4); 4025 4026 } else if (fa < 5 * rxena) { 4027 /* Low false alarm count, increase sensitivity. */ 4028 DPRINTFN(2, ("CCK low false alarm count: %u\n", fa)); 4029 calib->cck_state = IWN_CCK_STATE_LOFA; 4030 calib->low_fa++; 4031 4032 if (calib->cck_state != IWN_CCK_STATE_INIT && 4033 (((int32_t)calib->noise_ref - (int32_t)noise_ref) > 2 || 4034 calib->low_fa > 100)) { 4035 inc(calib->energy_cck, 2, limits->min_energy_cck); 4036 dec(calib->cck_x4, 3, limits->min_cck_x4); 4037 dec(calib->cck_mrc_x4, 3, limits->min_cck_mrc_x4); 4038 } 4039 } else { 4040 /* Not worth to increase or decrease sensitivity. */ 4041 DPRINTFN(2, ("CCK normal false alarm count: %u\n", fa)); 4042 calib->low_fa = 0; 4043 calib->noise_ref = noise_ref; 4044 4045 if (calib->cck_state == IWN_CCK_STATE_HIFA) { 4046 /* Previous interval had many false alarms. */ 4047 dec(calib->energy_cck, 8, energy_min); 4048 } 4049 calib->cck_state = IWN_CCK_STATE_INIT; 4050 } 4051 4052 if (needs_update) 4053 (void)iwn_send_sensitivity(sc); 4054 #undef dec 4055 #undef inc 4056 } 4057 4058 static int 4059 iwn_send_sensitivity(struct iwn_softc *sc) 4060 { 4061 struct iwn_calib_state *calib = &sc->calib; 4062 struct iwn_sensitivity_cmd cmd; 4063 4064 memset(&cmd, 0, sizeof cmd); 4065 cmd.which = IWN_SENSITIVITY_WORKTBL; 4066 /* OFDM modulation. */ 4067 cmd.corr_ofdm_x1 = htole16(calib->ofdm_x1); 4068 cmd.corr_ofdm_mrc_x1 = htole16(calib->ofdm_mrc_x1); 4069 cmd.corr_ofdm_x4 = htole16(calib->ofdm_x4); 4070 cmd.corr_ofdm_mrc_x4 = htole16(calib->ofdm_mrc_x4); 4071 cmd.energy_ofdm = htole16(sc->limits->energy_ofdm); 4072 cmd.energy_ofdm_th = htole16(62); 4073 /* CCK modulation. */ 4074 cmd.corr_cck_x4 = htole16(calib->cck_x4); 4075 cmd.corr_cck_mrc_x4 = htole16(calib->cck_mrc_x4); 4076 cmd.energy_cck = htole16(calib->energy_cck); 4077 /* Barker modulation: use default values. */ 4078 cmd.corr_barker = htole16(190); 4079 cmd.corr_barker_mrc = htole16(390); 4080 4081 DPRINTFN(2, ("setting sensitivity %d/%d/%d/%d/%d/%d/%d\n", 4082 calib->ofdm_x1, calib->ofdm_mrc_x1, calib->ofdm_x4, 4083 calib->ofdm_mrc_x4, calib->cck_x4, calib->cck_mrc_x4, 4084 calib->energy_cck)); 4085 return iwn_cmd(sc, IWN_CMD_SET_SENSITIVITY, &cmd, sizeof cmd, 1); 4086 } 4087 4088 /* 4089 * Set STA mode power saving level (between 0 and 5). 4090 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving. 4091 */ 4092 static int 4093 iwn_set_pslevel(struct iwn_softc *sc, int dtim, int level, int async) 4094 { 4095 struct iwn_pmgt_cmd cmd; 4096 const struct iwn_pmgt *pmgt; 4097 uint32_t maxp, skip_dtim; 4098 pcireg_t reg; 4099 int i; 4100 4101 /* Select which PS parameters to use. */ 4102 if (dtim <= 2) 4103 pmgt = &iwn_pmgt[0][level]; 4104 else if (dtim <= 10) 4105 pmgt = &iwn_pmgt[1][level]; 4106 else 4107 pmgt = &iwn_pmgt[2][level]; 4108 4109 memset(&cmd, 0, sizeof cmd); 4110 if (level != 0) /* not CAM */ 4111 cmd.flags |= htole16(IWN_PS_ALLOW_SLEEP); 4112 if (level == 5) 4113 cmd.flags |= htole16(IWN_PS_FAST_PD); 4114 /* Retrieve PCIe Active State Power Management (ASPM). */ 4115 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 4116 sc->sc_cap_off + PCI_PCIE_LCSR); 4117 if (!(reg & PCI_PCIE_LCSR_ASPM_L0S)) /* L0s Entry disabled. */ 4118 cmd.flags |= htole16(IWN_PS_PCI_PMGT); 4119 cmd.rxtimeout = htole32(pmgt->rxtimeout * 1024); 4120 cmd.txtimeout = htole32(pmgt->txtimeout * 1024); 4121 4122 if (dtim == 0) { 4123 dtim = 1; 4124 skip_dtim = 0; 4125 } else 4126 skip_dtim = pmgt->skip_dtim; 4127 if (skip_dtim != 0) { 4128 cmd.flags |= htole16(IWN_PS_SLEEP_OVER_DTIM); 4129 maxp = pmgt->intval[4]; 4130 if (maxp == (uint32_t)-1) 4131 maxp = dtim * (skip_dtim + 1); 4132 else if (maxp > dtim) 4133 maxp = (maxp / dtim) * dtim; 4134 } else 4135 maxp = dtim; 4136 for (i = 0; i < 5; i++) 4137 cmd.intval[i] = htole32(MIN(maxp, pmgt->intval[i])); 4138 4139 DPRINTF(("setting power saving level to %d\n", level)); 4140 return iwn_cmd(sc, IWN_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async); 4141 } 4142 4143 static int 4144 iwn_config(struct iwn_softc *sc) 4145 { 4146 const struct iwn_hal *hal = sc->sc_hal; 4147 struct ieee80211com *ic = &sc->sc_ic; 4148 struct ifnet *ifp = ic->ic_ifp; 4149 struct iwn_bluetooth bluetooth; 4150 uint32_t txmask; 4151 uint16_t rxchain; 4152 int error; 4153 4154 /* Configure valid TX chains for 5000 Series. */ 4155 if (sc->hw_type != IWN_HW_REV_TYPE_4965) { 4156 txmask = htole32(sc->txchainmask); 4157 DPRINTF(("configuring valid TX chains 0x%x\n", txmask)); 4158 error = iwn_cmd(sc, IWN5000_CMD_TX_ANT_CONFIG, &txmask, 4159 sizeof txmask, 0); 4160 if (error != 0) { 4161 aprint_error_dev(sc->sc_dev, 4162 "could not configure valid TX chains\n"); 4163 return error; 4164 } 4165 } 4166 4167 /* Configure bluetooth coexistence. */ 4168 memset(&bluetooth, 0, sizeof bluetooth); 4169 bluetooth.flags = IWN_BT_COEX_CHAN_ANN | IWN_BT_COEX_BT_PRIO; 4170 bluetooth.lead_time = IWN_BT_LEAD_TIME_DEF; 4171 bluetooth.max_kill = IWN_BT_MAX_KILL_DEF; 4172 DPRINTF(("configuring bluetooth coexistence\n")); 4173 error = iwn_cmd(sc, IWN_CMD_BT_COEX, &bluetooth, sizeof bluetooth, 0); 4174 if (error != 0) { 4175 aprint_error_dev(sc->sc_dev, 4176 "could not configure bluetooth coexistence\n"); 4177 return error; 4178 } 4179 4180 /* Set mode, channel, RX filter and enable RX. */ 4181 memset(&sc->rxon, 0, sizeof (struct iwn_rxon)); 4182 IEEE80211_ADDR_COPY(ic->ic_myaddr, CLLADDR(ifp->if_sadl)); 4183 IEEE80211_ADDR_COPY(sc->rxon.myaddr, ic->ic_myaddr); 4184 IEEE80211_ADDR_COPY(sc->rxon.wlap, ic->ic_myaddr); 4185 sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_ibss_chan); 4186 sc->rxon.flags = htole32(IWN_RXON_TSF | IWN_RXON_CTS_TO_SELF); 4187 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_ibss_chan)) 4188 sc->rxon.flags |= htole32(IWN_RXON_AUTO | IWN_RXON_24GHZ); 4189 switch (ic->ic_opmode) { 4190 case IEEE80211_M_STA: 4191 sc->rxon.mode = IWN_MODE_STA; 4192 sc->rxon.filter = htole32(IWN_FILTER_MULTICAST); 4193 break; 4194 case IEEE80211_M_MONITOR: 4195 sc->rxon.mode = IWN_MODE_MONITOR; 4196 sc->rxon.filter = htole32(IWN_FILTER_MULTICAST | 4197 IWN_FILTER_CTL | IWN_FILTER_PROMISC); 4198 break; 4199 default: 4200 /* Should not get there. */ 4201 break; 4202 } 4203 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */ 4204 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */ 4205 sc->rxon.ht_single_mask = 0xff; 4206 sc->rxon.ht_dual_mask = 0xff; 4207 sc->rxon.ht_triple_mask = 0xff; 4208 rxchain = 4209 IWN_RXCHAIN_VALID(sc->rxchainmask) | 4210 IWN_RXCHAIN_MIMO_COUNT(2) | 4211 IWN_RXCHAIN_IDLE_COUNT(2); 4212 sc->rxon.rxchain = htole16(rxchain); 4213 DPRINTF(("setting configuration\n")); 4214 error = iwn_cmd(sc, IWN_CMD_RXON, &sc->rxon, hal->rxonsz, 0); 4215 if (error != 0) { 4216 aprint_error_dev(sc->sc_dev, 4217 "RXON command failed\n"); 4218 return error; 4219 } 4220 4221 if ((error = iwn_add_broadcast_node(sc, 0)) != 0) { 4222 aprint_error_dev(sc->sc_dev, 4223 "could not add broadcast node\n"); 4224 return error; 4225 } 4226 4227 /* Configuration has changed, set TX power accordingly. */ 4228 if ((error = hal->set_txpower(sc, 0)) != 0) { 4229 aprint_error_dev(sc->sc_dev, 4230 "could not set TX power\n"); 4231 return error; 4232 } 4233 4234 if ((error = iwn_set_critical_temp(sc)) != 0) { 4235 aprint_error_dev(sc->sc_dev, 4236 "could not set critical temperature\n"); 4237 return error; 4238 } 4239 4240 /* Set power saving level to CAM during initialization. */ 4241 if ((error = iwn_set_pslevel(sc, 0, 0, 0)) != 0) { 4242 aprint_error_dev(sc->sc_dev, 4243 "could not set power saving level\n"); 4244 return error; 4245 } 4246 return 0; 4247 } 4248 4249 static int 4250 iwn_scan(struct iwn_softc *sc, uint16_t flags) 4251 { 4252 struct ieee80211com *ic = &sc->sc_ic; 4253 struct iwn_scan_hdr *hdr; 4254 struct iwn_cmd_data *tx; 4255 struct iwn_scan_essid *essid; 4256 struct iwn_scan_chan *chan; 4257 struct ieee80211_frame *wh; 4258 struct ieee80211_rateset *rs; 4259 struct ieee80211_channel *c; 4260 uint8_t *buf, *frm; 4261 uint16_t rxchain; 4262 uint8_t txant; 4263 int buflen, error; 4264 4265 buf = malloc(IWN_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO); 4266 if (buf == NULL) { 4267 aprint_error_dev(sc->sc_dev, 4268 "could not allocate buffer for scan command\n"); 4269 return ENOMEM; 4270 } 4271 hdr = (struct iwn_scan_hdr *)buf; 4272 /* 4273 * Move to the next channel if no frames are received within 10ms 4274 * after sending the probe request. 4275 */ 4276 hdr->quiet_time = htole16(10); /* timeout in milliseconds */ 4277 hdr->quiet_threshold = htole16(1); /* min # of packets */ 4278 4279 /* Select antennas for scanning. */ 4280 rxchain = 4281 IWN_RXCHAIN_VALID(sc->rxchainmask) | 4282 IWN_RXCHAIN_FORCE_MIMO_SEL(sc->rxchainmask) | 4283 IWN_RXCHAIN_DRIVER_FORCE; 4284 if ((flags & IEEE80211_CHAN_5GHZ) && 4285 sc->hw_type == IWN_HW_REV_TYPE_4965) { 4286 /* Ant A must be avoided in 5GHz because of an HW bug. */ 4287 rxchain |= IWN_RXCHAIN_FORCE_SEL(IWN_ANT_BC); 4288 } else /* Use all available RX antennas. */ 4289 rxchain |= IWN_RXCHAIN_FORCE_SEL(sc->rxchainmask); 4290 hdr->rxchain = htole16(rxchain); 4291 hdr->filter = htole32(IWN_FILTER_MULTICAST | IWN_FILTER_BEACON); 4292 4293 tx = (struct iwn_cmd_data *)(hdr + 1); 4294 tx->flags = htole32(IWN_TX_AUTO_SEQ); 4295 tx->id = sc->sc_hal->broadcast_id; 4296 tx->lifetime = htole32(IWN_LIFETIME_INFINITE); 4297 4298 if (flags & IEEE80211_CHAN_5GHZ) { 4299 hdr->crc_threshold = htole16(1); 4300 /* Send probe requests at 6Mbps. */ 4301 tx->plcp = iwn_rates[IWN_RIDX_OFDM6].plcp; 4302 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 4303 } else { 4304 hdr->flags = htole32(IWN_RXON_24GHZ | IWN_RXON_AUTO); 4305 /* Send probe requests at 1Mbps. */ 4306 tx->plcp = iwn_rates[IWN_RIDX_CCK1].plcp; 4307 tx->rflags = IWN_RFLAG_CCK; 4308 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 4309 } 4310 /* Use the first valid TX antenna. */ 4311 txant = IWN_LSB(sc->txchainmask); 4312 tx->rflags |= IWN_RFLAG_ANT(txant); 4313 4314 essid = (struct iwn_scan_essid *)(tx + 1); 4315 if (ic->ic_des_esslen != 0) { 4316 essid[0].id = IEEE80211_ELEMID_SSID; 4317 essid[0].len = ic->ic_des_esslen; 4318 memcpy(essid[0].data, ic->ic_des_essid, ic->ic_des_esslen); 4319 } 4320 /* 4321 * Build a probe request frame. Most of the following code is a 4322 * copy & paste of what is done in net80211. 4323 */ 4324 wh = (struct ieee80211_frame *)(essid + 20); 4325 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 4326 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 4327 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 4328 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 4329 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 4330 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr); 4331 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by HW */ 4332 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by HW */ 4333 4334 frm = (uint8_t *)(wh + 1); 4335 frm = ieee80211_add_ssid(frm, NULL, 0); 4336 frm = ieee80211_add_rates(frm, rs); 4337 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 4338 frm = ieee80211_add_xrates(frm, rs); 4339 4340 /* Set length of probe request. */ 4341 tx->len = htole16(frm - (uint8_t *)wh); 4342 4343 chan = (struct iwn_scan_chan *)frm; 4344 for (c = &ic->ic_channels[1]; 4345 c <= &ic->ic_channels[IEEE80211_CHAN_MAX]; c++) { 4346 if ((c->ic_flags & flags) != flags) 4347 continue; 4348 4349 chan->chan = htole16(ieee80211_chan2ieee(ic, c)); 4350 DPRINTFN(2, ("adding channel %d\n", chan->chan)); 4351 chan->flags = 0; 4352 if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE)) 4353 chan->flags |= htole32(IWN_CHAN_ACTIVE); 4354 if (ic->ic_des_esslen != 0) 4355 chan->flags |= htole32(IWN_CHAN_NPBREQS(1)); 4356 chan->dsp_gain = 0x6e; 4357 if (IEEE80211_IS_CHAN_5GHZ(c)) { 4358 chan->rf_gain = 0x3b; 4359 chan->active = htole16(24); 4360 chan->passive = htole16(110); 4361 } else { 4362 chan->rf_gain = 0x28; 4363 chan->active = htole16(36); 4364 chan->passive = htole16(120); 4365 } 4366 hdr->nchan++; 4367 chan++; 4368 } 4369 4370 buflen = (uint8_t *)chan - buf; 4371 hdr->len = htole16(buflen); 4372 4373 DPRINTF(("sending scan command nchan=%d\n", hdr->nchan)); 4374 error = iwn_cmd(sc, IWN_CMD_SCAN, buf, buflen, 1); 4375 free(buf, M_DEVBUF); 4376 return error; 4377 } 4378 4379 static int 4380 iwn_auth(struct iwn_softc *sc) 4381 { 4382 const struct iwn_hal *hal = sc->sc_hal; 4383 struct ieee80211com *ic = &sc->sc_ic; 4384 struct ieee80211_node *ni = ic->ic_bss; 4385 int error; 4386 4387 /* Update adapter configuration. */ 4388 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid); 4389 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan); 4390 sc->rxon.flags = htole32(IWN_RXON_TSF | IWN_RXON_CTS_TO_SELF); 4391 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 4392 sc->rxon.flags |= htole32(IWN_RXON_AUTO | IWN_RXON_24GHZ); 4393 if (ic->ic_flags & IEEE80211_F_SHSLOT) 4394 sc->rxon.flags |= htole32(IWN_RXON_SHSLOT); 4395 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4396 sc->rxon.flags |= htole32(IWN_RXON_SHPREAMBLE); 4397 switch (ic->ic_curmode) { 4398 case IEEE80211_MODE_11A: 4399 sc->rxon.cck_mask = 0; 4400 sc->rxon.ofdm_mask = 0x15; 4401 break; 4402 case IEEE80211_MODE_11B: 4403 sc->rxon.cck_mask = 0x03; 4404 sc->rxon.ofdm_mask = 0; 4405 break; 4406 default: /* Assume 802.11b/g. */ 4407 sc->rxon.cck_mask = 0x0f; 4408 sc->rxon.ofdm_mask = 0x15; 4409 } 4410 DPRINTF(("rxon chan %d flags %x cck %x ofdm %x\n", sc->rxon.chan, 4411 sc->rxon.flags, sc->rxon.cck_mask, sc->rxon.ofdm_mask)); 4412 error = iwn_cmd(sc, IWN_CMD_RXON, &sc->rxon, hal->rxonsz, 1); 4413 if (error != 0) { 4414 aprint_error_dev(sc->sc_dev, 4415 "RXON command failed\n"); 4416 return error; 4417 } 4418 4419 /* Configuration has changed, set TX power accordingly. */ 4420 if ((error = hal->set_txpower(sc, 1)) != 0) { 4421 aprint_error_dev(sc->sc_dev, 4422 "could not set TX power\n"); 4423 return error; 4424 } 4425 /* 4426 * Reconfiguring RXON clears the firmware nodes table so we must 4427 * add the broadcast node again. 4428 */ 4429 if ((error = iwn_add_broadcast_node(sc, 1)) != 0) { 4430 aprint_error_dev(sc->sc_dev, 4431 "could not add broadcast node\n"); 4432 return error; 4433 } 4434 return 0; 4435 } 4436 4437 static int 4438 iwn_run(struct iwn_softc *sc) 4439 { 4440 const struct iwn_hal *hal = sc->sc_hal; 4441 struct ieee80211com *ic = &sc->sc_ic; 4442 struct ieee80211_node *ni = ic->ic_bss; 4443 struct iwn_node_info node; 4444 int error; 4445 4446 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 4447 /* Link LED blinks while monitoring. */ 4448 iwn_set_led(sc, IWN_LED_LINK, 5, 5); 4449 return 0; 4450 } 4451 if ((error = iwn_set_timing(sc, ni)) != 0) { 4452 aprint_error_dev(sc->sc_dev, 4453 "could not set timing\n"); 4454 return error; 4455 } 4456 4457 /* Update adapter configuration. */ 4458 sc->rxon.associd = htole16(IEEE80211_AID(ni->ni_associd)); 4459 /* Short preamble and slot time are negotiated when associating. */ 4460 sc->rxon.flags &= ~htole32(IWN_RXON_SHPREAMBLE | IWN_RXON_SHSLOT); 4461 if (ic->ic_flags & IEEE80211_F_SHSLOT) 4462 sc->rxon.flags |= htole32(IWN_RXON_SHSLOT); 4463 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4464 sc->rxon.flags |= htole32(IWN_RXON_SHPREAMBLE); 4465 sc->rxon.filter |= htole32(IWN_FILTER_BSS); 4466 DPRINTF(("rxon chan %d flags %x\n", sc->rxon.chan, sc->rxon.flags)); 4467 error = iwn_cmd(sc, IWN_CMD_RXON, &sc->rxon, hal->rxonsz, 1); 4468 if (error != 0) { 4469 aprint_error_dev(sc->sc_dev, 4470 "could not update configuration\n"); 4471 return error; 4472 } 4473 4474 /* Configuration has changed, set TX power accordingly. */ 4475 if ((error = hal->set_txpower(sc, 1)) != 0) { 4476 aprint_error_dev(sc->sc_dev, 4477 "could not set TX power\n"); 4478 return error; 4479 } 4480 4481 /* Fake a join to initialize the TX rate. */ 4482 ((struct iwn_node *)ni)->id = IWN_ID_BSS; 4483 iwn_newassoc(ni, 1); 4484 4485 /* Add BSS node. */ 4486 memset(&node, 0, sizeof node); 4487 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr); 4488 node.id = IWN_ID_BSS; 4489 #ifdef notyet 4490 node.htflags = htole32(IWN_AMDPU_SIZE_FACTOR(3) | 4491 IWN_AMDPU_DENSITY(5)); /* 2us */ 4492 #endif 4493 DPRINTF(("adding BSS node\n")); 4494 error = hal->add_node(sc, &node, 1); 4495 if (error != 0) { 4496 aprint_error_dev(sc->sc_dev, 4497 "could not add BSS node\n"); 4498 return error; 4499 } 4500 DPRINTF(("setting link quality for node %d\n", node.id)); 4501 if ((error = iwn_set_link_quality(sc, ni)) != 0) { 4502 aprint_error_dev(sc->sc_dev, 4503 "could not setup link quality for node %d\n", node.id); 4504 return error; 4505 } 4506 4507 if ((error = iwn_init_sensitivity(sc)) != 0) { 4508 aprint_error_dev(sc->sc_dev, 4509 "could not set sensitivity\n"); 4510 return error; 4511 } 4512 /* Start periodic calibration timer. */ 4513 sc->calib.state = IWN_CALIB_STATE_ASSOC; 4514 sc->calib_cnt = 0; 4515 callout_schedule(&sc->calib_to, hz/2); 4516 4517 /* Link LED always on while associated. */ 4518 iwn_set_led(sc, IWN_LED_LINK, 0, 1); 4519 return 0; 4520 } 4521 4522 #ifdef IWN_HWCRYPTO 4523 /* 4524 * We support CCMP hardware encryption/decryption of unicast frames only. 4525 * HW support for TKIP really sucks. We should let TKIP die anyway. 4526 */ 4527 static int 4528 iwn_set_key(struct ieee80211com *ic, struct ieee80211_node *ni, 4529 struct ieee80211_key *k) 4530 { 4531 struct iwn_softc *sc = ic->ic_softc; 4532 const struct iwn_hal *hal = sc->sc_hal; 4533 struct iwn_node *wn = (void *)ni; 4534 struct iwn_node_info node; 4535 uint16_t kflags; 4536 4537 if ((k->k_flags & IEEE80211_KEY_GROUP) || 4538 k->k_cipher != IEEE80211_CIPHER_CCMP) 4539 return ieee80211_set_key(ic, ni, k); 4540 4541 kflags = IWN_KFLAG_CCMP | IWN_KFLAG_MAP | IWN_KFLAG_KID(k->k_id); 4542 if (k->k_flags & IEEE80211_KEY_GROUP) 4543 kflags |= IWN_KFLAG_GROUP; 4544 4545 memset(&node, 0, sizeof node); 4546 node.id = (k->k_flags & IEEE80211_KEY_GROUP) ? 4547 hal->broadcast_id : wn->id; 4548 node.control = IWN_NODE_UPDATE; 4549 node.flags = IWN_FLAG_SET_KEY; 4550 node.kflags = htole16(kflags); 4551 node.kid = k->k_id; 4552 memcpy(node.key, k->k_key, k->k_len); 4553 DPRINTF(("set key id=%d for node %d\n", k->k_id, node.id)); 4554 return hal->add_node(sc, &node, 1); 4555 } 4556 4557 static void 4558 iwn_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni, 4559 struct ieee80211_key *k) 4560 { 4561 struct iwn_softc *sc = ic->ic_softc; 4562 const struct iwn_hal *hal = sc->sc_hal; 4563 struct iwn_node *wn = (void *)ni; 4564 struct iwn_node_info node; 4565 4566 if ((k->k_flags & IEEE80211_KEY_GROUP) || 4567 k->k_cipher != IEEE80211_CIPHER_CCMP) { 4568 /* See comment about other ciphers above. */ 4569 ieee80211_delete_key(ic, ni, k); 4570 return; 4571 } 4572 if (ic->ic_state != IEEE80211_S_RUN) 4573 return; /* Nothing to do. */ 4574 memset(&node, 0, sizeof node); 4575 node.id = (k->k_flags & IEEE80211_KEY_GROUP) ? 4576 hal->broadcast_id : wn->id; 4577 node.control = IWN_NODE_UPDATE; 4578 node.flags = IWN_FLAG_SET_KEY; 4579 node.kflags = htole16(IWN_KFLAG_INVALID); 4580 node.kid = 0xff; 4581 DPRINTF(("delete keys for node %d\n", node.id)); 4582 (void)hal->add_node(sc, &node, 1); 4583 } 4584 #endif 4585 4586 /* XXX Added for NetBSD (copied from rev 1.39). */ 4587 4588 static int 4589 iwn_wme_update(struct ieee80211com *ic) 4590 { 4591 #define IWN_EXP2(v) htole16((1 << (v)) - 1) 4592 #define IWN_USEC(v) htole16(IEEE80211_TXOP_TO_US(v)) 4593 struct iwn_softc *sc = ic->ic_ifp->if_softc; 4594 const struct wmeParams *wmep; 4595 struct iwn_edca_params cmd; 4596 int ac; 4597 4598 /* don't override default WME values if WME is not actually enabled */ 4599 if (!(ic->ic_flags & IEEE80211_F_WME)) 4600 return 0; 4601 cmd.flags = 0; 4602 for (ac = 0; ac < WME_NUM_AC; ac++) { 4603 wmep = &ic->ic_wme.wme_chanParams.cap_wmeParams[ac]; 4604 cmd.ac[ac].aifsn = wmep->wmep_aifsn; 4605 cmd.ac[ac].cwmin = IWN_EXP2(wmep->wmep_logcwmin); 4606 cmd.ac[ac].cwmax = IWN_EXP2(wmep->wmep_logcwmax); 4607 cmd.ac[ac].txoplimit = IWN_USEC(wmep->wmep_txopLimit); 4608 4609 DPRINTF(("setting WME for queue %d aifsn=%d cwmin=%d cwmax=%d " 4610 "txop=%d\n", ac, cmd.ac[ac].aifsn, 4611 cmd.ac[ac].cwmin, 4612 cmd.ac[ac].cwmax, cmd.ac[ac].txoplimit)); 4613 } 4614 return iwn_cmd(sc, IWN_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1); 4615 #undef IWN_USEC 4616 #undef IWN_EXP2 4617 } 4618 4619 #ifndef IEEE80211_NO_HT 4620 /* 4621 * This function is called by upper layer when an ADDBA request is received 4622 * from another STA and before the ADDBA response is sent. 4623 */ 4624 static int 4625 iwn_ampdu_rx_start(struct ieee80211com *ic, struct ieee80211_node *ni, 4626 uint8_t tid) 4627 { 4628 struct ieee80211_rx_ba *ba = &ni->ni_rx_ba[tid]; 4629 struct iwn_softc *sc = ic->ic_softc; 4630 struct iwn_node *wn = (void *)ni; 4631 struct iwn_node_info node; 4632 4633 memset(&node, 0, sizeof node); 4634 node.id = wn->id; 4635 node.control = IWN_NODE_UPDATE; 4636 node.flags = IWN_FLAG_SET_ADDBA; 4637 node.addba_tid = tid; 4638 node.addba_ssn = htole16(ba->ba_winstart); 4639 DPRINTFN(2, ("ADDBA RA=%d TID=%d SSN=%d\n", wn->id, tid, 4640 ba->ba_winstart)); 4641 return sc->sc_hal->add_node(sc, &node, 1); 4642 } 4643 4644 /* 4645 * This function is called by upper layer on teardown of an HT-immediate 4646 * Block Ack agreement (eg. uppon receipt of a DELBA frame.) 4647 */ 4648 static void 4649 iwn_ampdu_rx_stop(struct ieee80211com *ic, struct ieee80211_node *ni, 4650 uint8_t tid) 4651 { 4652 struct iwn_softc *sc = ic->ic_softc; 4653 struct iwn_node *wn = (void *)ni; 4654 struct iwn_node_info node; 4655 4656 memset(&node, 0, sizeof node); 4657 node.id = wn->id; 4658 node.control = IWN_NODE_UPDATE; 4659 node.flags = IWN_FLAG_SET_DELBA; 4660 node.delba_tid = tid; 4661 DPRINTFN(2, ("DELBA RA=%d TID=%d\n", wn->id, tid)); 4662 (void)sc->sc_hal->add_node(sc, &node, 1); 4663 } 4664 4665 /* 4666 * This function is called by upper layer when an ADDBA response is received 4667 * from another STA. 4668 */ 4669 static int 4670 iwn_ampdu_tx_start(struct ieee80211com *ic, struct ieee80211_node *ni, 4671 uint8_t tid) 4672 { 4673 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 4674 struct iwn_softc *sc = ic->ic_softc; 4675 const struct iwn_hal *hal = sc->sc_hal; 4676 struct iwn_node *wn = (void *)ni; 4677 struct iwn_node_info node; 4678 int error; 4679 4680 /* Enable TX for the specified RA/TID. */ 4681 wn->disable_tid &= ~(1 << tid); 4682 memset(&node, 0, sizeof node); 4683 node.id = wn->id; 4684 node.control = IWN_NODE_UPDATE; 4685 node.flags = IWN_FLAG_SET_DISABLE_TID; 4686 node.disable_tid = htole16(wn->disable_tid); 4687 error = hal->add_node(sc, &node, 1); 4688 if (error != 0) 4689 return error; 4690 4691 if ((error = iwn_nic_lock(sc)) != 0) 4692 return error; 4693 hal->ampdu_tx_start(sc, ni, tid, ba->ba_winstart); 4694 iwn_nic_unlock(sc); 4695 return 0; 4696 } 4697 4698 static void 4699 iwn_ampdu_tx_stop(struct ieee80211com *ic, struct ieee80211_node *ni, 4700 uint8_t tid) 4701 { 4702 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 4703 struct iwn_softc *sc = ic->ic_softc; 4704 4705 if (iwn_nic_lock(sc) != 0) 4706 return; 4707 sc->sc_hal->ampdu_tx_stop(sc, tid, ba->ba_winstart); 4708 iwn_nic_unlock(sc); 4709 } 4710 4711 static void 4712 iwn4965_ampdu_tx_start(struct iwn_softc *sc, struct ieee80211_node *ni, 4713 uint8_t tid, uint16_t ssn) 4714 { 4715 struct iwn_node *wn = (void *)ni; 4716 int qid = 7 + tid; 4717 4718 /* Stop TX scheduler while we're changing its configuration. */ 4719 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid), 4720 IWN4965_TXQ_STATUS_CHGACT); 4721 4722 /* Assign RA/TID translation to the queue. */ 4723 iwn_mem_write_2(sc, sc->sched_base + IWN4965_SCHED_TRANS_TBL(qid), 4724 wn->id << 4 | tid); 4725 4726 /* Enable chain-building mode for the queue. */ 4727 iwn_prph_setbits(sc, IWN4965_SCHED_QCHAIN_SEL, 1 << qid); 4728 4729 /* Set starting sequence number from the ADDBA request. */ 4730 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | (ssn & 0xff)); 4731 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_RDPTR(qid), ssn); 4732 4733 /* Set scheduler window size. */ 4734 iwn_mem_write(sc, sc->sched_base + IWN4965_SCHED_QUEUE_OFFSET(qid), 4735 IWN_SCHED_WINSZ); 4736 /* Set scheduler frame limit. */ 4737 iwn_mem_write(sc, sc->sched_base + IWN4965_SCHED_QUEUE_OFFSET(qid) + 4, 4738 IWN_SCHED_LIMIT << 16); 4739 4740 /* Enable interrupts for the queue. */ 4741 iwn_prph_setbits(sc, IWN4965_SCHED_INTR_MASK, 1 << qid); 4742 4743 /* Mark the queue as active. */ 4744 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid), 4745 IWN4965_TXQ_STATUS_ACTIVE | IWN4965_TXQ_STATUS_AGGR_ENA | 4746 iwn_tid2fifo[tid] << 1); 4747 } 4748 4749 static void 4750 iwn4965_ampdu_tx_stop(struct iwn_softc *sc, uint8_t tid, uint16_t ssn) 4751 { 4752 int qid = 7 + tid; 4753 4754 /* Stop TX scheduler while we're changing its configuration. */ 4755 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid), 4756 IWN4965_TXQ_STATUS_CHGACT); 4757 4758 /* Set starting sequence number from the ADDBA request. */ 4759 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | (ssn & 0xff)); 4760 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_RDPTR(qid), ssn); 4761 4762 /* Disable interrupts for the queue. */ 4763 iwn_prph_clrbits(sc, IWN4965_SCHED_INTR_MASK, 1 << qid); 4764 4765 /* Mark the queue as inactive. */ 4766 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid), 4767 IWN4965_TXQ_STATUS_INACTIVE | iwn_tid2fifo[tid] << 1); 4768 } 4769 4770 static void 4771 iwn5000_ampdu_tx_start(struct iwn_softc *sc, struct ieee80211_node *ni, 4772 uint8_t tid, uint16_t ssn) 4773 { 4774 struct iwn_node *wn = (void *)ni; 4775 int qid = 10 + tid; 4776 4777 /* Stop TX scheduler while we're changing its configuration. */ 4778 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid), 4779 IWN5000_TXQ_STATUS_CHGACT); 4780 4781 /* Assign RA/TID translation to the queue. */ 4782 iwn_mem_write_2(sc, sc->sched_base + IWN5000_SCHED_TRANS_TBL(qid), 4783 wn->id << 4 | tid); 4784 4785 /* Enable chain-building mode for the queue. */ 4786 iwn_prph_setbits(sc, IWN5000_SCHED_QCHAIN_SEL, 1 << qid); 4787 4788 /* Enable aggregation for the queue. */ 4789 iwn_prph_setbits(sc, IWN5000_SCHED_AGGR_SEL, 1 << qid); 4790 4791 /* Set starting sequence number from the ADDBA request. */ 4792 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | (ssn & 0xff)); 4793 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_RDPTR(qid), ssn); 4794 4795 /* Set scheduler window size and frame limit. */ 4796 iwn_mem_write(sc, sc->sched_base + IWN5000_SCHED_QUEUE_OFFSET(qid) + 4, 4797 IWN_SCHED_LIMIT << 16 | IWN_SCHED_WINSZ); 4798 4799 /* Enable interrupts for the queue. */ 4800 iwn_prph_setbits(sc, IWN5000_SCHED_INTR_MASK, 1 << qid); 4801 4802 /* Mark the queue as active. */ 4803 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid), 4804 IWN5000_TXQ_STATUS_ACTIVE | iwn_tid2fifo[tid]); 4805 } 4806 4807 static void 4808 iwn5000_ampdu_tx_stop(struct iwn_softc *sc, uint8_t tid, uint16_t ssn) 4809 { 4810 int qid = 10 + tid; 4811 4812 /* Stop TX scheduler while we're changing its configuration. */ 4813 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid), 4814 IWN5000_TXQ_STATUS_CHGACT); 4815 4816 /* Disable aggregation for the queue. */ 4817 iwn_prph_clrbits(sc, IWN5000_SCHED_AGGR_SEL, 1 << qid); 4818 4819 /* Set starting sequence number from the ADDBA request. */ 4820 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | (ssn & 0xff)); 4821 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_RDPTR(qid), ssn); 4822 4823 /* Disable interrupts for the queue. */ 4824 iwn_prph_clrbits(sc, IWN5000_SCHED_INTR_MASK, 1 << qid); 4825 4826 /* Mark the queue as inactive. */ 4827 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid), 4828 IWN5000_TXQ_STATUS_INACTIVE | iwn_tid2fifo[tid]); 4829 } 4830 #endif /* !IEEE80211_NO_HT */ 4831 4832 /* 4833 * Query calibration tables from the initialization firmware. We do this 4834 * only once at first boot. Called from a process context. 4835 */ 4836 static int 4837 iwn5000_query_calibration(struct iwn_softc *sc) 4838 { 4839 struct iwn5000_calib_config cmd; 4840 int error; 4841 4842 memset(&cmd, 0, sizeof cmd); 4843 cmd.ucode.once.enable = 0xffffffff; 4844 cmd.ucode.once.start = 0xffffffff; 4845 cmd.ucode.once.send = 0xffffffff; 4846 cmd.ucode.flags = 0xffffffff; 4847 DPRINTF(("sending calibration query\n")); 4848 error = iwn_cmd(sc, IWN5000_CMD_CALIB_CONFIG, &cmd, sizeof cmd, 0); 4849 if (error != 0) 4850 return error; 4851 4852 /* Wait at most two seconds for calibration to complete. */ 4853 if (!(sc->sc_flags & IWN_FLAG_CALIB_DONE)) 4854 error = tsleep(sc, PCATCH, "iwncal", 2 * hz); 4855 return error; 4856 } 4857 4858 /* 4859 * Send calibration results to the runtime firmware. These results were 4860 * obtained on first boot from the initialization firmware. 4861 */ 4862 static int 4863 iwn5000_send_calibration(struct iwn_softc *sc) 4864 { 4865 int idx, error; 4866 4867 for (idx = 0; idx < 5; idx++) { 4868 if (sc->calibcmd[idx].buf == NULL) 4869 continue; /* No results available. */ 4870 DPRINTF(("send calibration result idx=%d len=%d\n", 4871 idx, sc->calibcmd[idx].len)); 4872 error = iwn_cmd(sc, IWN_CMD_PHY_CALIB, sc->calibcmd[idx].buf, 4873 sc->calibcmd[idx].len, 0); 4874 if (error != 0) { 4875 aprint_error_dev(sc->sc_dev, 4876 "could not send calibration result\n"); 4877 return error; 4878 } 4879 } 4880 return 0; 4881 } 4882 4883 static int 4884 iwn5000_send_wimax_coex(struct iwn_softc *sc) 4885 { 4886 struct iwn5000_wimax_coex wimax; 4887 4888 #ifdef notyet 4889 if (sc->hw_type == IWN_HW_REV_TYPE_6050) { 4890 /* Enable WiMAX coexistence for combo adapters. */ 4891 wimax.flags = 4892 IWN_WIMAX_COEX_ASSOC_WA_UNMASK | 4893 IWN_WIMAX_COEX_UNASSOC_WA_UNMASK | 4894 IWN_WIMAX_COEX_STA_TABLE_VALID | 4895 IWN_WIMAX_COEX_ENABLE; 4896 memcpy(wimax.events, iwn6050_wimax_events, 4897 sizeof iwn6050_wimax_events); 4898 } else 4899 #endif 4900 { 4901 /* Disable WiMAX coexistence. */ 4902 wimax.flags = 0; 4903 memset(wimax.events, 0, sizeof wimax.events); 4904 } 4905 DPRINTF(("Configuring WiMAX coexistence\n")); 4906 return iwn_cmd(sc, IWN5000_CMD_WIMAX_COEX, &wimax, sizeof wimax, 0); 4907 } 4908 4909 /* 4910 * This function is called after the runtime firmware notifies us of its 4911 * readiness (called in a process context.) 4912 */ 4913 static int 4914 iwn4965_post_alive(struct iwn_softc *sc) 4915 { 4916 int error, qid; 4917 4918 if ((error = iwn_nic_lock(sc)) != 0) 4919 return error; 4920 4921 /* Clear TX scheduler state in SRAM. */ 4922 sc->sched_base = iwn_prph_read(sc, IWN_SCHED_SRAM_ADDR); 4923 iwn_mem_set_region_4(sc, sc->sched_base + IWN4965_SCHED_CTX_OFF, 0, 4924 IWN4965_SCHED_CTX_LEN / sizeof (uint32_t)); 4925 4926 /* Set physical address of TX scheduler rings (1KB aligned.) */ 4927 iwn_prph_write(sc, IWN4965_SCHED_DRAM_ADDR, sc->sched_dma.paddr >> 10); 4928 4929 IWN_SETBITS(sc, IWN_FH_TX_CHICKEN, IWN_FH_TX_CHICKEN_SCHED_RETRY); 4930 4931 /* Disable chain mode for all our 16 queues. */ 4932 iwn_prph_write(sc, IWN4965_SCHED_QCHAIN_SEL, 0); 4933 4934 for (qid = 0; qid < IWN4965_NTXQUEUES; qid++) { 4935 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_RDPTR(qid), 0); 4936 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | 0); 4937 4938 /* Set scheduler window size. */ 4939 iwn_mem_write(sc, sc->sched_base + 4940 IWN4965_SCHED_QUEUE_OFFSET(qid), IWN_SCHED_WINSZ); 4941 /* Set scheduler frame limit. */ 4942 iwn_mem_write(sc, sc->sched_base + 4943 IWN4965_SCHED_QUEUE_OFFSET(qid) + 4, 4944 IWN_SCHED_LIMIT << 16); 4945 } 4946 4947 /* Enable interrupts for all our 16 queues. */ 4948 iwn_prph_write(sc, IWN4965_SCHED_INTR_MASK, 0xffff); 4949 /* Identify TX FIFO rings (0-7). */ 4950 iwn_prph_write(sc, IWN4965_SCHED_TXFACT, 0xff); 4951 4952 /* Mark TX rings (4 EDCA + cmd + 2 HCCA) as active. */ 4953 for (qid = 0; qid < 7; qid++) { 4954 static uint8_t qid2fifo[] = { 3, 2, 1, 0, 4, 5, 6 }; 4955 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid), 4956 IWN4965_TXQ_STATUS_ACTIVE | qid2fifo[qid] << 1); 4957 } 4958 iwn_nic_unlock(sc); 4959 return 0; 4960 } 4961 4962 /* 4963 * This function is called after the initialization or runtime firmware 4964 * notifies us of its readiness (called in a process context.) 4965 */ 4966 static int 4967 iwn5000_post_alive(struct iwn_softc *sc) 4968 { 4969 int error, qid; 4970 4971 /* Switch to using ICT interrupt mode. */ 4972 iwn5000_ict_reset(sc); 4973 4974 if ((error = iwn_nic_lock(sc)) != 0) 4975 return error; 4976 4977 /* Clear TX scheduler state in SRAM. */ 4978 sc->sched_base = iwn_prph_read(sc, IWN_SCHED_SRAM_ADDR); 4979 iwn_mem_set_region_4(sc, sc->sched_base + IWN5000_SCHED_CTX_OFF, 0, 4980 IWN5000_SCHED_CTX_LEN / sizeof (uint32_t)); 4981 4982 /* Set physical address of TX scheduler rings (1KB aligned.) */ 4983 iwn_prph_write(sc, IWN5000_SCHED_DRAM_ADDR, sc->sched_dma.paddr >> 10); 4984 4985 IWN_SETBITS(sc, IWN_FH_TX_CHICKEN, IWN_FH_TX_CHICKEN_SCHED_RETRY); 4986 4987 /* Enable chain mode for all queues, except command queue. */ 4988 iwn_prph_write(sc, IWN5000_SCHED_QCHAIN_SEL, 0xfffef); 4989 iwn_prph_write(sc, IWN5000_SCHED_AGGR_SEL, 0); 4990 4991 for (qid = 0; qid < IWN5000_NTXQUEUES; qid++) { 4992 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_RDPTR(qid), 0); 4993 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | 0); 4994 4995 iwn_mem_write(sc, sc->sched_base + 4996 IWN5000_SCHED_QUEUE_OFFSET(qid), 0); 4997 /* Set scheduler window size and frame limit. */ 4998 iwn_mem_write(sc, sc->sched_base + 4999 IWN5000_SCHED_QUEUE_OFFSET(qid) + 4, 5000 IWN_SCHED_LIMIT << 16 | IWN_SCHED_WINSZ); 5001 } 5002 5003 /* Enable interrupts for all our 20 queues. */ 5004 iwn_prph_write(sc, IWN5000_SCHED_INTR_MASK, 0xfffff); 5005 /* Identify TX FIFO rings (0-7). */ 5006 iwn_prph_write(sc, IWN5000_SCHED_TXFACT, 0xff); 5007 5008 /* Mark TX rings (4 EDCA + cmd + 2 HCCA) as active. */ 5009 for (qid = 0; qid < 7; qid++) { 5010 static uint8_t qid2fifo[] = { 3, 2, 1, 0, 7, 5, 6 }; 5011 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid), 5012 IWN5000_TXQ_STATUS_ACTIVE | qid2fifo[qid]); 5013 } 5014 iwn_nic_unlock(sc); 5015 5016 /* Configure WiMAX coexistence for combo adapters. */ 5017 error = iwn5000_send_wimax_coex(sc); 5018 if (error != 0) { 5019 aprint_error_dev(sc->sc_dev, 5020 "could not configure WiMAX coexistence\n"); 5021 return error; 5022 } 5023 if (sc->hw_type != IWN_HW_REV_TYPE_5150) { 5024 struct iwn5000_phy_calib_crystal cmd; 5025 5026 /* Perform crystal calibration. */ 5027 memset(&cmd, 0, sizeof cmd); 5028 cmd.code = IWN5000_PHY_CALIB_CRYSTAL; 5029 cmd.ngroups = 1; 5030 cmd.isvalid = 1; 5031 cmd.cap_pin[0] = le32toh(sc->eeprom_crystal) & 0xff; 5032 cmd.cap_pin[1] = (le32toh(sc->eeprom_crystal) >> 16) & 0xff; 5033 DPRINTF(("sending crystal calibration %d, %d\n", 5034 cmd.cap_pin[0], cmd.cap_pin[1])); 5035 error = iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 0); 5036 if (error != 0) { 5037 aprint_error_dev(sc->sc_dev, 5038 "crystal calibration failed\n"); 5039 return error; 5040 } 5041 } 5042 if (!(sc->sc_flags & IWN_FLAG_CALIB_DONE)) { 5043 /* Query calibration from the initialization firmware. */ 5044 if ((error = iwn5000_query_calibration(sc)) != 0) { 5045 aprint_error_dev(sc->sc_dev, 5046 "could not query calibration\n"); 5047 return error; 5048 } 5049 /* 5050 * We have the calibration results now, reboot with the 5051 * runtime firmware (call ourselves recursively!) 5052 */ 5053 iwn_hw_stop(sc); 5054 error = iwn_hw_init(sc); 5055 } else { 5056 /* Send calibration results to runtime firmware. */ 5057 error = iwn5000_send_calibration(sc); 5058 } 5059 return error; 5060 } 5061 5062 /* 5063 * The firmware boot code is small and is intended to be copied directly into 5064 * the NIC internal memory (no DMA transfer.) 5065 */ 5066 static int 5067 iwn4965_load_bootcode(struct iwn_softc *sc, const uint8_t *ucode, int size) 5068 { 5069 int error, ntries; 5070 5071 size /= sizeof (uint32_t); 5072 5073 if ((error = iwn_nic_lock(sc)) != 0) 5074 return error; 5075 5076 /* Copy microcode image into NIC memory. */ 5077 iwn_prph_write_region_4(sc, IWN_BSM_SRAM_BASE, 5078 (const uint32_t *)ucode, size); 5079 5080 iwn_prph_write(sc, IWN_BSM_WR_MEM_SRC, 0); 5081 iwn_prph_write(sc, IWN_BSM_WR_MEM_DST, IWN_FW_TEXT_BASE); 5082 iwn_prph_write(sc, IWN_BSM_WR_DWCOUNT, size); 5083 5084 /* Start boot load now. */ 5085 iwn_prph_write(sc, IWN_BSM_WR_CTRL, IWN_BSM_WR_CTRL_START); 5086 5087 /* Wait for transfer to complete. */ 5088 for (ntries = 0; ntries < 1000; ntries++) { 5089 if (!(iwn_prph_read(sc, IWN_BSM_WR_CTRL) & 5090 IWN_BSM_WR_CTRL_START)) 5091 break; 5092 DELAY(10); 5093 } 5094 if (ntries == 1000) { 5095 aprint_error_dev(sc->sc_dev, 5096 "could not load boot firmware\n"); 5097 iwn_nic_unlock(sc); 5098 return ETIMEDOUT; 5099 } 5100 5101 /* Enable boot after power up. */ 5102 iwn_prph_write(sc, IWN_BSM_WR_CTRL, IWN_BSM_WR_CTRL_START_EN); 5103 5104 iwn_nic_unlock(sc); 5105 return 0; 5106 } 5107 5108 static int 5109 iwn4965_load_firmware(struct iwn_softc *sc) 5110 { 5111 struct iwn_fw_info *fw = &sc->fw; 5112 struct iwn_dma_info *dma = &sc->fw_dma; 5113 int error; 5114 5115 /* Copy initialization sections into pre-allocated DMA-safe memory. */ 5116 memcpy(dma->vaddr, fw->init.data, fw->init.datasz); 5117 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->init.datasz, 5118 BUS_DMASYNC_PREWRITE); 5119 memcpy((char *)dma->vaddr + IWN4965_FW_DATA_MAXSZ, 5120 fw->init.text, fw->init.textsz); 5121 bus_dmamap_sync(sc->sc_dmat, dma->map, IWN4965_FW_DATA_MAXSZ, 5122 fw->init.textsz, BUS_DMASYNC_PREWRITE); 5123 5124 /* Tell adapter where to find initialization sections. */ 5125 if ((error = iwn_nic_lock(sc)) != 0) 5126 return error; 5127 iwn_prph_write(sc, IWN_BSM_DRAM_DATA_ADDR, dma->paddr >> 4); 5128 iwn_prph_write(sc, IWN_BSM_DRAM_DATA_SIZE, fw->init.datasz); 5129 iwn_prph_write(sc, IWN_BSM_DRAM_TEXT_ADDR, 5130 (dma->paddr + IWN4965_FW_DATA_MAXSZ) >> 4); 5131 iwn_prph_write(sc, IWN_BSM_DRAM_TEXT_SIZE, fw->init.textsz); 5132 iwn_nic_unlock(sc); 5133 5134 /* Load firmware boot code. */ 5135 error = iwn4965_load_bootcode(sc, fw->boot.text, fw->boot.textsz); 5136 if (error != 0) { 5137 aprint_error_dev(sc->sc_dev, 5138 "could not load boot firmware\n"); 5139 return error; 5140 } 5141 /* Now press "execute". */ 5142 IWN_WRITE(sc, IWN_RESET, 0); 5143 5144 /* Wait at most one second for first alive notification. */ 5145 if ((error = tsleep(sc, PCATCH, "iwninit", hz)) != 0) { 5146 aprint_error_dev(sc->sc_dev, 5147 "timeout waiting for adapter to initialize\n"); 5148 return error; 5149 } 5150 5151 /* Retrieve current temperature for initial TX power calibration. */ 5152 sc->rawtemp = sc->ucode_info.temp[3].chan20MHz; 5153 sc->temp = iwn4965_get_temperature(sc); 5154 5155 /* Copy runtime sections into pre-allocated DMA-safe memory. */ 5156 memcpy(dma->vaddr, fw->main.data, fw->main.datasz); 5157 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, fw->main.datasz, 5158 BUS_DMASYNC_PREWRITE); 5159 memcpy((char *)dma->vaddr + IWN4965_FW_DATA_MAXSZ, 5160 fw->main.text, fw->main.textsz); 5161 bus_dmamap_sync(sc->sc_dmat, dma->map, IWN4965_FW_DATA_MAXSZ, 5162 fw->main.textsz, BUS_DMASYNC_PREWRITE); 5163 5164 /* Tell adapter where to find runtime sections. */ 5165 if ((error = iwn_nic_lock(sc)) != 0) 5166 return error; 5167 iwn_prph_write(sc, IWN_BSM_DRAM_DATA_ADDR, dma->paddr >> 4); 5168 iwn_prph_write(sc, IWN_BSM_DRAM_DATA_SIZE, fw->main.datasz); 5169 iwn_prph_write(sc, IWN_BSM_DRAM_TEXT_ADDR, 5170 (dma->paddr + IWN4965_FW_DATA_MAXSZ) >> 4); 5171 iwn_prph_write(sc, IWN_BSM_DRAM_TEXT_SIZE, 5172 IWN_FW_UPDATED | fw->main.textsz); 5173 iwn_nic_unlock(sc); 5174 5175 return 0; 5176 } 5177 5178 static int 5179 iwn5000_load_firmware_section(struct iwn_softc *sc, uint32_t dst, 5180 const uint8_t *section, int size) 5181 { 5182 struct iwn_dma_info *dma = &sc->fw_dma; 5183 int error; 5184 5185 /* Copy firmware section into pre-allocated DMA-safe memory. */ 5186 memcpy(dma->vaddr, section, size); 5187 bus_dmamap_sync(sc->sc_dmat, dma->map, 0, size, BUS_DMASYNC_PREWRITE); 5188 5189 if ((error = iwn_nic_lock(sc)) != 0) 5190 return error; 5191 5192 IWN_WRITE(sc, IWN_FH_TX_CONFIG(IWN_SRVC_DMACHNL), 5193 IWN_FH_TX_CONFIG_DMA_PAUSE); 5194 5195 IWN_WRITE(sc, IWN_FH_SRAM_ADDR(IWN_SRVC_DMACHNL), dst); 5196 IWN_WRITE(sc, IWN_FH_TFBD_CTRL0(IWN_SRVC_DMACHNL), 5197 IWN_LOADDR(dma->paddr)); 5198 IWN_WRITE(sc, IWN_FH_TFBD_CTRL1(IWN_SRVC_DMACHNL), 5199 IWN_HIADDR(dma->paddr) << 28 | size); 5200 IWN_WRITE(sc, IWN_FH_TXBUF_STATUS(IWN_SRVC_DMACHNL), 5201 IWN_FH_TXBUF_STATUS_TBNUM(1) | 5202 IWN_FH_TXBUF_STATUS_TBIDX(1) | 5203 IWN_FH_TXBUF_STATUS_TFBD_VALID); 5204 5205 /* Kick Flow Handler to start DMA transfer. */ 5206 IWN_WRITE(sc, IWN_FH_TX_CONFIG(IWN_SRVC_DMACHNL), 5207 IWN_FH_TX_CONFIG_DMA_ENA | IWN_FH_TX_CONFIG_CIRQ_HOST_ENDTFD); 5208 5209 iwn_nic_unlock(sc); 5210 5211 /* Wait at most five seconds for FH DMA transfer to complete. */ 5212 return tsleep(sc, PCATCH, "iwninit", 5 * hz); 5213 } 5214 5215 static int 5216 iwn5000_load_firmware(struct iwn_softc *sc) 5217 { 5218 struct iwn_fw_part *fw; 5219 int error; 5220 5221 /* Load the initialization firmware on first boot only. */ 5222 fw = (sc->sc_flags & IWN_FLAG_CALIB_DONE) ? 5223 &sc->fw.main : &sc->fw.init; 5224 5225 error = iwn5000_load_firmware_section(sc, IWN_FW_TEXT_BASE, 5226 fw->text, fw->textsz); 5227 if (error != 0) { 5228 aprint_error_dev(sc->sc_dev, 5229 "could not load firmware %s section\n", ".text"); 5230 return error; 5231 } 5232 error = iwn5000_load_firmware_section(sc, IWN_FW_DATA_BASE, 5233 fw->data, fw->datasz); 5234 if (error != 0) { 5235 aprint_error_dev(sc->sc_dev, 5236 "could not load firmware %s section\n", ".data"); 5237 return error; 5238 } 5239 5240 /* Now press "execute". */ 5241 IWN_WRITE(sc, IWN_RESET, 0); 5242 return 0; 5243 } 5244 5245 static int 5246 iwn_read_firmware(struct iwn_softc *sc) 5247 { 5248 const struct iwn_hal *hal = sc->sc_hal; 5249 struct iwn_fw_info *fw = &sc->fw; 5250 firmware_handle_t fwh; 5251 const uint32_t *ptr; 5252 uint32_t rev; 5253 size_t size; 5254 int error; 5255 5256 /* Initialize for error returns */ 5257 fw->data = NULL; 5258 fw->datasz = 0; 5259 5260 /* Open firmware image. */ 5261 if ((error = firmware_open("if_iwn", sc->fwname, &fwh)) != 0) { 5262 aprint_error_dev(sc->sc_dev, 5263 "could not get firmware handle %s\n", sc->fwname); 5264 return error; 5265 } 5266 size = firmware_get_size(fwh); 5267 if (size < 28) { 5268 aprint_error_dev(sc->sc_dev, 5269 "truncated firmware header: %zu bytes\n", size); 5270 firmware_close(fwh); 5271 return EINVAL; 5272 } 5273 5274 /* Read the firmware. */ 5275 fw->data = firmware_malloc(size); 5276 if (fw->data == NULL) { 5277 aprint_error_dev(sc->sc_dev, 5278 "not enough memory to stock firmware %s\n", sc->fwname); 5279 firmware_close(fwh); 5280 return ENOMEM; 5281 } 5282 error = firmware_read(fwh, 0, fw->data, size); 5283 firmware_close(fwh); 5284 fw->datasz = size; 5285 if (error != 0) { 5286 aprint_error_dev(sc->sc_dev, 5287 "could not read firmware %s\n", sc->fwname); 5288 goto out; 5289 } 5290 5291 /* Process firmware header. */ 5292 ptr = (const uint32_t *)fw->data; 5293 rev = le32toh(*ptr++); 5294 /* Check firmware API version. */ 5295 if (IWN_FW_API(rev) <= 1) { 5296 aprint_error_dev(sc->sc_dev, 5297 "bad firmware, need API version >=2\n"); 5298 goto out; 5299 } 5300 if (IWN_FW_API(rev) >= 3) { 5301 /* Skip build number (version 2 header). */ 5302 size -= 4; 5303 ptr++; 5304 } 5305 fw->main.textsz = le32toh(*ptr++); 5306 fw->main.datasz = le32toh(*ptr++); 5307 fw->init.textsz = le32toh(*ptr++); 5308 fw->init.datasz = le32toh(*ptr++); 5309 fw->boot.textsz = le32toh(*ptr++); 5310 size -= 24; 5311 5312 /* Sanity-check firmware header. */ 5313 if (fw->main.textsz > hal->fw_text_maxsz || 5314 fw->main.datasz > hal->fw_data_maxsz || 5315 fw->init.textsz > hal->fw_text_maxsz || 5316 fw->init.datasz > hal->fw_data_maxsz || 5317 fw->boot.textsz > IWN_FW_BOOT_TEXT_MAXSZ || 5318 (fw->boot.textsz & 3) != 0) { 5319 aprint_error_dev(sc->sc_dev, 5320 "invalid firmware header\n"); 5321 goto out; 5322 } 5323 5324 /* Check that all firmware sections fit. */ 5325 if (fw->main.textsz + fw->main.datasz + fw->init.textsz + 5326 fw->init.datasz + fw->boot.textsz > size) { 5327 aprint_error_dev(sc->sc_dev, 5328 "firmware file too short: %zu bytes\n", size); 5329 goto out; 5330 } 5331 5332 /* Get pointers to firmware sections. */ 5333 fw->main.text = (const uint8_t *)ptr; 5334 fw->main.data = fw->main.text + fw->main.textsz; 5335 fw->init.text = fw->main.data + fw->main.datasz; 5336 fw->init.data = fw->init.text + fw->init.textsz; 5337 fw->boot.text = fw->init.data + fw->init.datasz; 5338 5339 return 0; 5340 out: 5341 firmware_free(fw->data, fw->datasz); 5342 fw->data = NULL; 5343 fw->datasz = 0; 5344 return error ? error : EINVAL; 5345 } 5346 5347 static int 5348 iwn_clock_wait(struct iwn_softc *sc) 5349 { 5350 int ntries; 5351 5352 /* Set "initialization complete" bit. */ 5353 IWN_SETBITS(sc, IWN_GP_CNTRL, IWN_GP_CNTRL_INIT_DONE); 5354 5355 /* Wait for clock stabilization. */ 5356 for (ntries = 0; ntries < 2500; ntries++) { 5357 if (IWN_READ(sc, IWN_GP_CNTRL) & IWN_GP_CNTRL_MAC_CLOCK_READY) 5358 return 0; 5359 DELAY(10); 5360 } 5361 aprint_error_dev(sc->sc_dev, 5362 "timeout waiting for clock stabilization\n"); 5363 return ETIMEDOUT; 5364 } 5365 5366 static int 5367 iwn_apm_init(struct iwn_softc *sc) 5368 { 5369 pcireg_t reg; 5370 int error; 5371 5372 /* Disable L0s exit timer (NMI bug workaround.) */ 5373 IWN_SETBITS(sc, IWN_GIO_CHICKEN, IWN_GIO_CHICKEN_DIS_L0S_TIMER); 5374 /* Don't wait for ICH L0s (ICH bug workaround.) */ 5375 IWN_SETBITS(sc, IWN_GIO_CHICKEN, IWN_GIO_CHICKEN_L1A_NO_L0S_RX); 5376 5377 /* Set FH wait threshold to max (HW bug under stress workaround.) */ 5378 IWN_SETBITS(sc, IWN_DBG_HPET_MEM, 0xffff0000); 5379 5380 /* Enable HAP INTA to move adapter from L1a to L0s. */ 5381 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_HAP_WAKE_L1A); 5382 5383 /* Retrieve PCIe Active State Power Management (ASPM). */ 5384 reg = pci_conf_read(sc->sc_pct, sc->sc_pcitag, 5385 sc->sc_cap_off + PCI_PCIE_LCSR); 5386 /* Workaround for HW instability in PCIe L0->L0s->L1 transition. */ 5387 if (reg & PCI_PCIE_LCSR_ASPM_L1) /* L1 Entry enabled. */ 5388 IWN_SETBITS(sc, IWN_GIO, IWN_GIO_L0S_ENA); 5389 else 5390 IWN_CLRBITS(sc, IWN_GIO, IWN_GIO_L0S_ENA); 5391 5392 if (sc->hw_type != IWN_HW_REV_TYPE_4965 && 5393 sc->hw_type <= IWN_HW_REV_TYPE_1000) 5394 IWN_SETBITS(sc, IWN_ANA_PLL, IWN_ANA_PLL_INIT); 5395 5396 /* Wait for clock stabilization before accessing prph. */ 5397 if ((error = iwn_clock_wait(sc)) != 0) 5398 return error; 5399 5400 if ((error = iwn_nic_lock(sc)) != 0) 5401 return error; 5402 if (sc->hw_type == IWN_HW_REV_TYPE_4965) { 5403 /* Enable DMA and BSM (Bootstrap State Machine.) */ 5404 iwn_prph_write(sc, IWN_APMG_CLK_EN, 5405 IWN_APMG_CLK_CTRL_DMA_CLK_RQT | 5406 IWN_APMG_CLK_CTRL_BSM_CLK_RQT); 5407 } else { 5408 /* Enable DMA. */ 5409 iwn_prph_write(sc, IWN_APMG_CLK_EN, 5410 IWN_APMG_CLK_CTRL_DMA_CLK_RQT); 5411 } 5412 DELAY(20); 5413 /* Disable L1-Active. */ 5414 iwn_prph_setbits(sc, IWN_APMG_PCI_STT, IWN_APMG_PCI_STT_L1A_DIS); 5415 iwn_nic_unlock(sc); 5416 5417 return 0; 5418 } 5419 5420 static void 5421 iwn_apm_stop_master(struct iwn_softc *sc) 5422 { 5423 int ntries; 5424 5425 /* Stop busmaster DMA activity. */ 5426 IWN_SETBITS(sc, IWN_RESET, IWN_RESET_STOP_MASTER); 5427 for (ntries = 0; ntries < 100; ntries++) { 5428 if (IWN_READ(sc, IWN_RESET) & IWN_RESET_MASTER_DISABLED) 5429 return; 5430 DELAY(10); 5431 } 5432 aprint_error_dev(sc->sc_dev, 5433 "timeout waiting for master\n"); 5434 } 5435 5436 static void 5437 iwn_apm_stop(struct iwn_softc *sc) 5438 { 5439 iwn_apm_stop_master(sc); 5440 5441 /* Reset the entire device. */ 5442 IWN_SETBITS(sc, IWN_RESET, IWN_RESET_SW); 5443 DELAY(10); 5444 /* Clear "initialization complete" bit. */ 5445 IWN_CLRBITS(sc, IWN_GP_CNTRL, IWN_GP_CNTRL_INIT_DONE); 5446 } 5447 5448 static int 5449 iwn4965_nic_config(struct iwn_softc *sc) 5450 { 5451 if (IWN_RFCFG_TYPE(sc->rfcfg) == 1) { 5452 /* 5453 * I don't believe this to be correct but this is what the 5454 * vendor driver is doing. Probably the bits should not be 5455 * shifted in IWN_RFCFG_*. 5456 */ 5457 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, 5458 IWN_RFCFG_TYPE(sc->rfcfg) | 5459 IWN_RFCFG_STEP(sc->rfcfg) | 5460 IWN_RFCFG_DASH(sc->rfcfg)); 5461 } 5462 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, 5463 IWN_HW_IF_CONFIG_RADIO_SI | IWN_HW_IF_CONFIG_MAC_SI); 5464 return 0; 5465 } 5466 5467 static int 5468 iwn5000_nic_config(struct iwn_softc *sc) 5469 { 5470 uint32_t tmp; 5471 int error; 5472 5473 if (IWN_RFCFG_TYPE(sc->rfcfg) < 3) { 5474 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, 5475 IWN_RFCFG_TYPE(sc->rfcfg) | 5476 IWN_RFCFG_STEP(sc->rfcfg) | 5477 IWN_RFCFG_DASH(sc->rfcfg)); 5478 } 5479 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, 5480 IWN_HW_IF_CONFIG_RADIO_SI | IWN_HW_IF_CONFIG_MAC_SI); 5481 5482 if ((error = iwn_nic_lock(sc)) != 0) 5483 return error; 5484 iwn_prph_setbits(sc, IWN_APMG_PS, IWN_APMG_PS_EARLY_PWROFF_DIS); 5485 5486 if (sc->hw_type == IWN_HW_REV_TYPE_1000) { 5487 /* 5488 * Select first Switching Voltage Regulator (1.32V) to 5489 * solve a stability issue related to noisy DC2DC line 5490 * in the silicon of 1000 Series. 5491 */ 5492 tmp = iwn_prph_read(sc, IWN_APMG_DIGITAL_SVR); 5493 tmp &= ~IWN_APMG_DIGITAL_SVR_VOLTAGE_MASK; 5494 tmp |= IWN_APMG_DIGITAL_SVR_VOLTAGE_1_32; 5495 iwn_prph_write(sc, IWN_APMG_DIGITAL_SVR, tmp); 5496 } 5497 iwn_nic_unlock(sc); 5498 5499 if (sc->sc_flags & IWN_FLAG_INTERNAL_PA) { 5500 /* Use internal power amplifier only. */ 5501 IWN_WRITE(sc, IWN_GP_DRIVER, IWN_GP_DRIVER_RADIO_2X2_IPA); 5502 } 5503 if (sc->hw_type == IWN_HW_REV_TYPE_6050 && sc->calib_ver >= 6) { 5504 /* Indicate that ROM calibration version is >=6. */ 5505 IWN_SETBITS(sc, IWN_GP_DRIVER, IWN_GP_DRIVER_CALIB_VER6); 5506 } 5507 return 0; 5508 } 5509 5510 /* 5511 * Take NIC ownership over Intel Active Management Technology (AMT). 5512 */ 5513 static int 5514 iwn_hw_prepare(struct iwn_softc *sc) 5515 { 5516 int ntries; 5517 5518 /* Check if hardware is ready. */ 5519 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_NIC_READY); 5520 for (ntries = 0; ntries < 5; ntries++) { 5521 if (IWN_READ(sc, IWN_HW_IF_CONFIG) & 5522 IWN_HW_IF_CONFIG_NIC_READY) 5523 return 0; 5524 DELAY(10); 5525 } 5526 5527 /* Hardware not ready, force into ready state. */ 5528 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_PREPARE); 5529 for (ntries = 0; ntries < 15000; ntries++) { 5530 if (!(IWN_READ(sc, IWN_HW_IF_CONFIG) & 5531 IWN_HW_IF_CONFIG_PREPARE_DONE)) 5532 break; 5533 DELAY(10); 5534 } 5535 if (ntries == 15000) 5536 return ETIMEDOUT; 5537 5538 /* Hardware should be ready now. */ 5539 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_NIC_READY); 5540 for (ntries = 0; ntries < 5; ntries++) { 5541 if (IWN_READ(sc, IWN_HW_IF_CONFIG) & 5542 IWN_HW_IF_CONFIG_NIC_READY) 5543 return 0; 5544 DELAY(10); 5545 } 5546 return ETIMEDOUT; 5547 } 5548 5549 static int 5550 iwn_hw_init(struct iwn_softc *sc) 5551 { 5552 const struct iwn_hal *hal = sc->sc_hal; 5553 int error, chnl, qid; 5554 5555 /* Clear pending interrupts. */ 5556 IWN_WRITE(sc, IWN_INT, 0xffffffff); 5557 5558 if ((error = iwn_apm_init(sc)) != 0) { 5559 aprint_error_dev(sc->sc_dev, 5560 "could not power ON adapter\n"); 5561 return error; 5562 } 5563 5564 /* Select VMAIN power source. */ 5565 if ((error = iwn_nic_lock(sc)) != 0) 5566 return error; 5567 iwn_prph_clrbits(sc, IWN_APMG_PS, IWN_APMG_PS_PWR_SRC_MASK); 5568 iwn_nic_unlock(sc); 5569 5570 /* Perform adapter-specific initialization. */ 5571 if ((error = hal->nic_config(sc)) != 0) 5572 return error; 5573 5574 /* Initialize RX ring. */ 5575 if ((error = iwn_nic_lock(sc)) != 0) 5576 return error; 5577 IWN_WRITE(sc, IWN_FH_RX_CONFIG, 0); 5578 IWN_WRITE(sc, IWN_FH_RX_WPTR, 0); 5579 /* Set physical address of RX ring (256-byte aligned.) */ 5580 IWN_WRITE(sc, IWN_FH_RX_BASE, sc->rxq.desc_dma.paddr >> 8); 5581 /* Set physical address of RX status (16-byte aligned.) */ 5582 IWN_WRITE(sc, IWN_FH_STATUS_WPTR, sc->rxq.stat_dma.paddr >> 4); 5583 /* Enable RX. */ 5584 IWN_WRITE(sc, IWN_FH_RX_CONFIG, 5585 IWN_FH_RX_CONFIG_ENA | 5586 IWN_FH_RX_CONFIG_IGN_RXF_EMPTY | /* HW bug workaround */ 5587 IWN_FH_RX_CONFIG_IRQ_DST_HOST | 5588 IWN_FH_RX_CONFIG_SINGLE_FRAME | 5589 IWN_FH_RX_CONFIG_RB_TIMEOUT(0) | 5590 IWN_FH_RX_CONFIG_NRBD(IWN_RX_RING_COUNT_LOG)); 5591 iwn_nic_unlock(sc); 5592 IWN_WRITE(sc, IWN_FH_RX_WPTR, (IWN_RX_RING_COUNT - 1) & ~7); 5593 5594 if ((error = iwn_nic_lock(sc)) != 0) 5595 return error; 5596 5597 /* Initialize TX scheduler. */ 5598 iwn_prph_write(sc, hal->sched_txfact_addr, 0); 5599 5600 /* Set physical address of "keep warm" page (16-byte aligned.) */ 5601 IWN_WRITE(sc, IWN_FH_KW_ADDR, sc->kw_dma.paddr >> 4); 5602 5603 /* Initialize TX rings. */ 5604 for (qid = 0; qid < hal->ntxqs; qid++) { 5605 struct iwn_tx_ring *txq = &sc->txq[qid]; 5606 5607 /* Set physical address of TX ring (256-byte aligned.) */ 5608 IWN_WRITE(sc, IWN_FH_CBBC_QUEUE(qid), 5609 txq->desc_dma.paddr >> 8); 5610 } 5611 iwn_nic_unlock(sc); 5612 5613 /* Enable DMA channels. */ 5614 for (chnl = 0; chnl < hal->ndmachnls; chnl++) { 5615 IWN_WRITE(sc, IWN_FH_TX_CONFIG(chnl), 5616 IWN_FH_TX_CONFIG_DMA_ENA | 5617 IWN_FH_TX_CONFIG_DMA_CREDIT_ENA); 5618 } 5619 5620 /* Clear "radio off" and "commands blocked" bits. */ 5621 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_RFKILL); 5622 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_CMD_BLOCKED); 5623 5624 /* Clear pending interrupts. */ 5625 IWN_WRITE(sc, IWN_INT, 0xffffffff); 5626 /* Enable interrupt coalescing. */ 5627 IWN_WRITE(sc, IWN_INT_COALESCING, 512 / 8); 5628 /* Enable interrupts. */ 5629 IWN_WRITE(sc, IWN_INT_MASK, sc->int_mask); 5630 5631 /* _Really_ make sure "radio off" bit is cleared! */ 5632 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_RFKILL); 5633 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_RFKILL); 5634 5635 if ((error = hal->load_firmware(sc)) != 0) { 5636 aprint_error_dev(sc->sc_dev, 5637 "could not load firmware\n"); 5638 return error; 5639 } 5640 /* Wait at most one second for firmware alive notification. */ 5641 if ((error = tsleep(sc, PCATCH, "iwninit", hz)) != 0) { 5642 aprint_error_dev(sc->sc_dev, 5643 "timeout waiting for adapter to initialize\n"); 5644 return error; 5645 } 5646 /* Do post-firmware initialization. */ 5647 return hal->post_alive(sc); 5648 } 5649 5650 static void 5651 iwn_hw_stop(struct iwn_softc *sc) 5652 { 5653 const struct iwn_hal *hal = sc->sc_hal; 5654 int chnl, qid, ntries; 5655 uint32_t tmp; 5656 5657 IWN_WRITE(sc, IWN_RESET, IWN_RESET_NEVO); 5658 5659 /* Disable interrupts. */ 5660 IWN_WRITE(sc, IWN_INT_MASK, 0); 5661 IWN_WRITE(sc, IWN_INT, 0xffffffff); 5662 IWN_WRITE(sc, IWN_FH_INT, 0xffffffff); 5663 sc->sc_flags &= ~IWN_FLAG_USE_ICT; 5664 5665 /* Make sure we no longer hold the NIC lock. */ 5666 iwn_nic_unlock(sc); 5667 5668 /* Stop TX scheduler. */ 5669 iwn_prph_write(sc, hal->sched_txfact_addr, 0); 5670 5671 /* Stop all DMA channels. */ 5672 if (iwn_nic_lock(sc) == 0) { 5673 for (chnl = 0; chnl < hal->ndmachnls; chnl++) { 5674 IWN_WRITE(sc, IWN_FH_TX_CONFIG(chnl), 0); 5675 for (ntries = 0; ntries < 200; ntries++) { 5676 tmp = IWN_READ(sc, IWN_FH_TX_STATUS); 5677 if ((tmp & IWN_FH_TX_STATUS_IDLE(chnl)) == 5678 IWN_FH_TX_STATUS_IDLE(chnl)) 5679 break; 5680 DELAY(10); 5681 } 5682 } 5683 iwn_nic_unlock(sc); 5684 } 5685 5686 /* Stop RX ring. */ 5687 iwn_reset_rx_ring(sc, &sc->rxq); 5688 5689 /* Reset all TX rings. */ 5690 for (qid = 0; qid < hal->ntxqs; qid++) 5691 iwn_reset_tx_ring(sc, &sc->txq[qid]); 5692 5693 if (iwn_nic_lock(sc) == 0) { 5694 iwn_prph_write(sc, IWN_APMG_CLK_DIS, 5695 IWN_APMG_CLK_CTRL_DMA_CLK_RQT); 5696 iwn_nic_unlock(sc); 5697 } 5698 DELAY(5); 5699 /* Power OFF adapter. */ 5700 iwn_apm_stop(sc); 5701 } 5702 5703 static int 5704 iwn_init(struct ifnet *ifp) 5705 { 5706 struct iwn_softc *sc = ifp->if_softc; 5707 struct ieee80211com *ic = &sc->sc_ic; 5708 int error; 5709 5710 if ((error = iwn_hw_prepare(sc)) != 0) { 5711 aprint_error_dev(sc->sc_dev, 5712 "hardware not ready\n"); 5713 goto fail; 5714 } 5715 5716 /* Check that the radio is not disabled by hardware switch. */ 5717 if (!(IWN_READ(sc, IWN_GP_CNTRL) & IWN_GP_CNTRL_RFKILL)) { 5718 aprint_error_dev(sc->sc_dev, 5719 "radio is disabled by hardware switch\n"); 5720 error = EPERM; /* :-) */ 5721 goto fail; 5722 } 5723 5724 /* Read firmware images from the filesystem. */ 5725 if ((error = iwn_read_firmware(sc)) != 0) { 5726 aprint_error_dev(sc->sc_dev, 5727 "could not read firmware\n"); 5728 goto fail; 5729 } 5730 5731 /* Initialize interrupt mask to default value. */ 5732 sc->int_mask = IWN_INT_MASK_DEF; 5733 sc->sc_flags &= ~IWN_FLAG_USE_ICT; 5734 5735 /* Initialize hardware and upload firmware. */ 5736 KASSERT(sc->fw.data != NULL && sc->fw.datasz > 0); 5737 error = iwn_hw_init(sc); 5738 firmware_free(sc->fw.data, sc->fw.datasz); 5739 sc->fw.data = NULL; 5740 sc->fw.datasz = 0; 5741 if (error != 0) { 5742 aprint_error_dev(sc->sc_dev, 5743 "could not initialize hardware\n"); 5744 goto fail; 5745 } 5746 5747 /* Configure adapter now that it is ready. */ 5748 if ((error = iwn_config(sc)) != 0) { 5749 aprint_error_dev(sc->sc_dev, 5750 "could not configure device\n"); 5751 goto fail; 5752 } 5753 5754 ifp->if_flags &= ~IFF_OACTIVE; 5755 ifp->if_flags |= IFF_RUNNING; 5756 5757 if (ic->ic_opmode != IEEE80211_M_MONITOR) 5758 ieee80211_begin_scan(ic, 0); 5759 else 5760 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 5761 5762 return 0; 5763 5764 fail: iwn_stop(ifp, 1); 5765 return error; 5766 } 5767 5768 static void 5769 iwn_stop(struct ifnet *ifp, int disable) 5770 { 5771 struct iwn_softc *sc = ifp->if_softc; 5772 struct ieee80211com *ic = &sc->sc_ic; 5773 5774 ifp->if_timer = sc->sc_tx_timer = 0; 5775 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 5776 5777 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 5778 5779 /* Power OFF hardware. */ 5780 iwn_hw_stop(sc); 5781 5782 #ifndef SMALL_KERNEL 5783 /* Temperature sensor is no longer valid. */ 5784 sc->sc_sensor.value_cur = 0; 5785 sc->sc_sensor.state = ENVSYS_SINVALID; 5786 #endif 5787 } 5788 5789 /* 5790 * XXX MCLGETI alternative 5791 * 5792 * With IWN_USE_RBUF defined it uses the rbuf cache for receive buffers 5793 * as long as there are available free buffers then it uses MEXTMALLOC., 5794 * Without IWN_USE_RBUF defined it uses MEXTMALLOC exclusively. 5795 * The MCLGET4K code is used for testing an alternative mbuf cache. 5796 */ 5797 5798 static struct mbuf * 5799 MCLGETIalt(struct iwn_softc *sc, int how, 5800 struct ifnet *ifp __unused, u_int size) 5801 { 5802 struct mbuf *m; 5803 #ifdef IWN_USE_RBUF 5804 struct iwn_rbuf *rbuf; 5805 #endif 5806 5807 MGETHDR(m, how, MT_DATA); 5808 if (m == NULL) 5809 return NULL; 5810 5811 #ifdef IWN_USE_RBUF 5812 if (sc->rxq.nb_free_entries > 0 && 5813 (rbuf = iwn_alloc_rbuf(sc)) != NULL) { 5814 /* Attach buffer to mbuf header. */ 5815 MEXTADD(m, rbuf->vaddr, size, 0, iwn_free_rbuf, rbuf); 5816 m->m_flags |= M_EXT_RW; 5817 } 5818 else { 5819 MEXTMALLOC(m, size, how); 5820 if ((m->m_flags & M_EXT) == 0) { 5821 m_freem(m); 5822 return NULL; 5823 } 5824 } 5825 5826 #else 5827 #ifdef MCLGET4K 5828 if (size == 4096) 5829 MCLGET4K(m, how); 5830 else 5831 panic("size must be 4k"); 5832 #else 5833 MEXTMALLOC(m, size, how); 5834 #endif 5835 if ((m->m_flags & M_EXT) == 0) { 5836 m_freem(m); 5837 return NULL; 5838 } 5839 #endif 5840 5841 return m; 5842 } 5843 5844 #ifdef IWN_USE_RBUF 5845 static struct iwn_rbuf * 5846 iwn_alloc_rbuf(struct iwn_softc *sc) 5847 { 5848 struct iwn_rbuf *rbuf; 5849 mutex_enter(&sc->rxq.freelist_mtx); 5850 5851 rbuf = SLIST_FIRST(&sc->rxq.freelist); 5852 if (rbuf != NULL) { 5853 SLIST_REMOVE_HEAD(&sc->rxq.freelist, next); 5854 sc->rxq.nb_free_entries --; 5855 } 5856 mutex_exit(&sc->rxq.freelist_mtx); 5857 return rbuf; 5858 } 5859 5860 /* 5861 * This is called automatically by the network stack when the mbuf to which 5862 * our RX buffer is attached is freed. 5863 */ 5864 static void 5865 iwn_free_rbuf(struct mbuf* m, void *buf, size_t size, void *arg) 5866 { 5867 struct iwn_rbuf *rbuf = arg; 5868 struct iwn_softc *sc = rbuf->sc; 5869 5870 /* Put the RX buffer back in the free list. */ 5871 mutex_enter(&sc->rxq.freelist_mtx); 5872 SLIST_INSERT_HEAD(&sc->rxq.freelist, rbuf, next); 5873 mutex_exit(&sc->rxq.freelist_mtx); 5874 5875 sc->rxq.nb_free_entries ++; 5876 if (__predict_true(m != NULL)) 5877 pool_cache_put(mb_cache, m); 5878 } 5879 5880 static int 5881 iwn_alloc_rpool(struct iwn_softc *sc) 5882 { 5883 struct iwn_rx_ring *ring = &sc->rxq; 5884 struct iwn_rbuf *rbuf; 5885 int i, error; 5886 5887 mutex_init(&ring->freelist_mtx, MUTEX_DEFAULT, IPL_NET); 5888 5889 /* Allocate a big chunk of DMA'able memory... */ 5890 error = iwn_dma_contig_alloc(sc->sc_dmat, &ring->buf_dma, NULL, 5891 IWN_RBUF_COUNT * IWN_RBUF_SIZE, PAGE_SIZE); 5892 if (error != 0) { 5893 aprint_error_dev(sc->sc_dev, 5894 "could not allocate RX buffers DMA memory\n"); 5895 return error; 5896 } 5897 /* ...and split it into chunks of IWN_RBUF_SIZE bytes. */ 5898 SLIST_INIT(&ring->freelist); 5899 for (i = 0; i < IWN_RBUF_COUNT; i++) { 5900 rbuf = &ring->rbuf[i]; 5901 5902 rbuf->sc = sc; /* Backpointer for callbacks. */ 5903 rbuf->vaddr = (void *)((vaddr_t)ring->buf_dma.vaddr + i * IWN_RBUF_SIZE); 5904 rbuf->paddr = ring->buf_dma.paddr + i * IWN_RBUF_SIZE; 5905 5906 SLIST_INSERT_HEAD(&ring->freelist, rbuf, next); 5907 } 5908 ring->nb_free_entries = IWN_RBUF_COUNT; 5909 return 0; 5910 } 5911 5912 static void 5913 iwn_free_rpool(struct iwn_softc *sc) 5914 { 5915 iwn_dma_contig_free(&sc->rxq.buf_dma); 5916 } 5917 #endif 5918 5919 /* 5920 * XXX code from OpenBSD src/sys/net80211/ieee80211_output.c 5921 * Copyright (c) 2001 Atsushi Onoe 5922 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting 5923 * Copyright (c) 2007-2009 Damien Bergamini 5924 * All rights reserved. 5925 */ 5926 5927 /* 5928 * Add an SSID element to a frame (see 7.3.2.1). 5929 */ 5930 static u_int8_t * 5931 ieee80211_add_ssid(u_int8_t *frm, const u_int8_t *ssid, u_int len) 5932 { 5933 *frm++ = IEEE80211_ELEMID_SSID; 5934 *frm++ = len; 5935 memcpy(frm, ssid, len); 5936 return frm + len; 5937 } 5938 5939 /* 5940 * Add a supported rates element to a frame (see 7.3.2.2). 5941 */ 5942 static u_int8_t * 5943 ieee80211_add_rates(u_int8_t *frm, const struct ieee80211_rateset *rs) 5944 { 5945 int nrates; 5946 5947 *frm++ = IEEE80211_ELEMID_RATES; 5948 nrates = min(rs->rs_nrates, IEEE80211_RATE_SIZE); 5949 *frm++ = nrates; 5950 memcpy(frm, rs->rs_rates, nrates); 5951 return frm + nrates; 5952 } 5953 5954 /* 5955 * Add an extended supported rates element to a frame (see 7.3.2.14). 5956 */ 5957 static u_int8_t * 5958 ieee80211_add_xrates(u_int8_t *frm, const struct ieee80211_rateset *rs) 5959 { 5960 int nrates; 5961 5962 KASSERT(rs->rs_nrates > IEEE80211_RATE_SIZE); 5963 5964 *frm++ = IEEE80211_ELEMID_XRATES; 5965 nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 5966 *frm++ = nrates; 5967 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 5968 return frm + nrates; 5969 } 5970 5971 /* 5972 * XXX: Hack to set the current channel to the value advertised in beacons or 5973 * probe responses. Only used during AP detection. 5974 * XXX: Duplicated from if_iwi.c 5975 */ 5976 static void 5977 iwn_fix_channel(struct ieee80211com *ic, struct mbuf *m) 5978 { 5979 struct ieee80211_frame *wh; 5980 uint8_t subtype; 5981 uint8_t *frm, *efrm; 5982 5983 wh = mtod(m, struct ieee80211_frame *); 5984 5985 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_MGT) 5986 return; 5987 5988 subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 5989 5990 if (subtype != IEEE80211_FC0_SUBTYPE_BEACON && 5991 subtype != IEEE80211_FC0_SUBTYPE_PROBE_RESP) 5992 return; 5993 5994 frm = (uint8_t *)(wh + 1); 5995 efrm = mtod(m, uint8_t *) + m->m_len; 5996 5997 frm += 12; /* skip tstamp, bintval and capinfo fields */ 5998 while (frm < efrm) { 5999 if (*frm == IEEE80211_ELEMID_DSPARMS) 6000 #if IEEE80211_CHAN_MAX < 255 6001 if (frm[2] <= IEEE80211_CHAN_MAX) 6002 #endif 6003 ic->ic_curchan = &ic->ic_channels[frm[2]]; 6004 6005 frm += frm[1] + 2; 6006 } 6007 } 6008 6009
Indexes created Thu Oct 02 14:10:14 GMT 2025